IAC3000 UG
Contents
1. 215 IAC3000 User s Manual Login Success Page Selection for Users Service Zone Default Default Page Template Page Uploaded Page External Page Uploaded Page Setting Existing Image Files Total Capacity 512 K Now Used 0 E Upload Image Files Upload Images O O Preview e Custom Pages gt gt Login Success Page gt gt External Page Choose the External Page selection and get the login success page from the specific website In the External Page Setting enter URL of the external login page and then click Apply After applying the setting the new login success page can be previewed by clicking Preview bution at the bottom of this page Login Success Page Selection for Users Service Zone Default Default Page O Template Page Uploaded Page External Page External Page Setting External URL http 4 Custom Pages gt gt Login Success Page for On demand User The users can apply their own Login Success page for on demand Users in the menu As the process is similar to that of the Login Page please refer to the Login Page instructions for more details e Custom Pages gt gt Login Success Page for On demand Users gt gt Default Page Choose Default Page to use the default login success page for on demand account Login Success Page Selection for on demand Users Service Zone Default 6 Default Page O Template Page O Uploaded Page O External Page Default Page Setting Servic2. 6 NIA N A N A Disabled Create 7 N A N A N A Disabled Create 8 NIA NIA NIA Disabled Create 9 N A N A NIA Disabled Create 0 NIA N A N A Disabled Create Creating an On demand Account Plan Type 2 Volume Quota 100 Mbyte s Account Activation First time login must be done within 2 day s Valid Period After activation the account will be expired in 2 day s Total Price 15 Reference Add a reference related to this account for example the customers name Please confirm the information and press Create button to create an account 7ubs ondemand 6egx29r2 2 Volume le 100 Mbyte s CL 15 lt ax Note To make a better print out ticket you may need to cofigure the browser settings for example Page Setup as well as the printer settings for example Preferences before printing out the page IAC3000 User Manual 6 On demand Account List All created On demand accounts are listed and related information on is also provided On demand Account List Username Password Remaining Quota Status Reference Delete All 59ed4 4396e8ra 100 M byte s Normal Room101 Delete Tubs begx29r2 100 M byte s Normal aL Delete 4mt eg ak bv 2 hris Normal Johnsmith Delete Search Enter a keyword of a username to be searched in the text filed and click this button to perform the search All usernames matching the keyword will be listed Username The login name of the user Password The logi
3. Disabled Step 3 Make sure that the proxy server settings match with at least one of the proxy server setting of the system for example in this case 203 125 142 1 3128 matches with blank 3128 Local Area Network LAN Settings Automatic configuration Automatic configuration may override manual settings To ensure the use of manual settings disable automatic configuration Automatically detect settings Use automatic configuration script ee Proxy server Use a proxy server For vour LAN These settings will nok apply to dial up or VPM connections Bypass proxy server for local addresses 178 IAC3000 User s Manual Proxy Settings Servers B Type Proxy address bo use HTTP 24 12 1421 q a Secure E i ul FTP Socks Use the same proxy server For all protocols Exceptions B Do not use proxy server For addresses beginning with Ys Use semicolons Eo separate entries Caution 1 Itis required that the proxy server setting of the clients match with the proxy server setting of the system Otherwise users will not be able to get the Login page for authentication via browsers and it will show an error page in the browser 2 When the Built in Proxy Server is enabled all the outgoing proxy traffic will be automatically redirected to the built in proxy server 179 IAC3000 User s Manual Using Extranet Proxy Server The second scena
4. Group Select one Group from the drop down list box for this specific authentication option Enable Local VPN When Local VPN function is enabled for this authentication option upon a successful login of a client a VPN tunnel will be established between a client s device and the system The data passing through the VPN tunnel are encrypted The system s Local VPN supports client devices under Windows 2000 and Windows XP SP1 SP2 Note Local VPN in I AC3000 is an additional secure login VPN feature for AC3000 local users subscribers The software design for Local VPN in I AC3000 is tightly coupled with Active X which is supported by Windows platform Internet Explorer where Active X program is supported Authentication Method Select LDAP from the drop down list box and then click LDAP Setting for further configuration Enter the related information for the primary and or the secondary LDAP server the secondary server is not required The fields with red asterisk are required The settings will take effect immediately after clicking Apply 55 Y VW VV WV IAC3000 User Manual eee menear Secondary LDAP Server Base DN Account Attribute Group Mapping Attribute Group jan LDAP Attributes to Grou Mapping Server IP The IP address of the external LDAP server Port The authentication port of the external LDAP server Base DN The Distinguished Name for the navigation path of LDAP account Account Attribute
5. Payment Data Transfer On Block Non encrypted Website Payment Off PayPal Account Optional Off Contact Telephone Number Off Click Save IAC3000 User s Manual Log Out Help Security Center My Account Send Money Request Money Merchant Tools Auction Tools Overview Add Funds Withdraw History Resolution Center Profile Website Payment Preferences Back to Profile Summary Auto Return for Website Payments Auto Return for Website Payments brings your buyers back to your website immediately after payment completion Auto Return applies to PayPal Website Payments including Buy Now Donations Subscriptions and Shopping Cart Learn More Auto Return n Off Return URL Enter the URL that will be used to redirect your customers upon payment completion This URL must meet the guidelines detailed below Learn More Return URL http www ww com Return URL Requirements The following items are required in order to set up Auto Return Payment Data Transfer optional Payment Data Transfer allows you to receive notification of successful payments as they are made The use af Payment Data Transfer depends on your system configuration and Your Return URL Please note that in order to use Payment Data Transfer you must turn on Auto Return Payment Data On Transfer cof Encrypted Website Payments Using encryptian enhances the security of website payments by decreasing the possibility that a 3rd par
6. Payment Gateway URL http s secure authorize net gatewayitransact dll Verify SSL Certificate Enable Disable Test Mode Enable Disable MD5 Hash O Enable Disable 145 IAC3000 User s Manual 2 Basic Maintenance In order to maintain the operation merchant owners will have to manage the accounts and transactions via Authorize Net as well as AC3000 2 1 Void A Transaction and Remove the On demand Account Generated on IAC3000 Sometimes a transaction as well as the related user account on AC3000 may have to be canceled before it has been settled with the bank a To void an unsettled transaction please log in Authorize Net Click Unsettled Transactions gt gt Locate the specific transaction record on the List of Unsettled Transactions gt gt Click the Trans ID number gt gt Confirm and click Void Note To find the on demand account name click Show Itemized Order Information in the Order Information section gt gt Username can be found in the Item Description b To remove the specific account from I AC3000 please log in IAC3000 User Authentication gt gt Authentication Configuration gt gt Click the server On demand User gt gt On demand Account List gt gt Click View gt gt On demand Account List gt gt Click Delete on the record with the account name Click Delete All to delete all users at once On demand Account List Username Password Remaining Quo
7. The description of the table is as follows E in total accumulated packets in through this WAN port since the gateway boots up The delta shows the difference between the numbers Packets Out from last time this Interface Status page is visited The total accumulated bytes in through this WAN port since the gateway Bytes In boots up The delta shows the difference between the numbers from last time this Interface Status page is visited Enable disable stands for status of the DHCP server in Default Service Zone Minutes of the lease time of the IP address Mode fme operation mode of the default SZ Item Description MAC Address Address The MAC address of the WAN1 port WANI IP IPAddress Me li IP address of the WAN1 port mE Subnet Mask of the WAN1 port from last time this Interface Status page is visited The total accumulated packets out through this WAN port since the The total accumulated packets out through this WAN port since the Bytes Out gateway boots up The delta shows the difference between the numbers WINS IP Address The WINS server IP on DHCP server N A means that it is not configured Service Zone Default start IP Address The start IP address of the DHCP IP range DHCP Server MAC Address The MAC address of the default SZ Service Zone Default IP Address The IP address of the default SZ MAC Address Address RE MAC address of the WAN2 port WAN2 IP IPAddress EZ A i IP address of the WAN2 port NS Sub
8. _ Configuration Authentication Management Configuration FE Ip ee E Fy Restart Change Password Do you want to RESTART the system Backup Restore Settings Firmware Upgrade Y r k d Restart a wee Network Utilities 169 IAC3000 User s Manual Note Please do not interrupt the system during the restarting process Once the settings of two Service Zones are completed the configured result will be displayed in the Service Zone Settings page SZ1 and SZ2 are both enabled Configuration Wizard 4 System Information a Service zone Name WAN1 Configuration Service Zone Settings Port Map SSID C WAN2 Configuration Default OJOJa jo a None Network _ Configuration 4 a e Service Zone Settings WLAN Applied Default Encryption Policy Authentication Details Status Net Policy 1 Server 1 Enable WAN Traffic Settings a LAN PortMapping None k Service Zones Policy 1 i ii Enable Enable None Policy 1 Server 1 Step 10 AP Discovery Select AP Discovery in AP Management Set the Interface in Default port Select Factory Default in the section of Admin Settings Used to Discover If selecting manually type the range of IP address in the section Then start scanning the new APs by clicking Scan Now button AP Discovery AP Type NP725 Interface Default Fact
9. ar Ranma eee EEEENENEEENENIEEN Wireless Serv ce Gateway After a successful login a Welcome to System Administration page will appear on the screen If https is used instead of http for accessing the lAC3000 web management interface by default the IAC3000 is not using a trusted SSL certificate for more information please see 4 2 5 Additional Configuration there will be a Certificate Error because the browser treats lAC3000 as an illegal website Please press Continue to this website to continue The default user login page will then appear in the browser Certificate Error Navigation Blocked Microsoft Internet Explorer provided by NetComm Ge y v https 192 168 30 1 IIE File Edit View Favorites Tools Help we de Certificate Error Navigation Blocked fey Home fj Feed x There is a problem with this website s security certificate The security certificate presented by this website was not issued by a trusted certificate authority The security certificate presented by this website was issued for a different website s address Security certificate problems may indicate an attempt to fool you or intercept any data you send to the server We recommend that you close this webpage and do not continue to this website Y Click here to close this webpage Y Continue to this website not recommended E More information Caution If you can t get the log
10. 14 IAC3000 User Manual NEILDMH AC3000 Internet Access Controller OPE ee a AU Step 4 Select the Connection Type for WAN Port Select the connection type for WAN port Click Next to continue Static IP Address Select it to set static IP address Dynamic IP Address Select itto obtain an IP address automatically For most cable modem users PPPoE Client Enter the PPPoE Clients Username and Password For most DSL users a A Gaus NEILOMM IAC3000 Internet Access Controller HGR COT TAL COMA Step 4 Cont Set PPPoE Client s Information Enter the PPPoE Client s Username and Password For most DSL users a A A e Step 5 Add Local User Account Optional gt A new user can be added to the Local User database To add a user here enter the Username e g test Password e g test MAC Address optional to specify the valid MAC address of this user and assign an Applied Group to this particular user or use the default None More users can be added by clicking the Add Now button Click Next to continue 15 IAC3000 User Manual MAU i IAC3000 Internet Access Controller MTEC TT OT aes Step 5 Add Local User Account Optional Administrator can choose to add local user accounts for a quick trial Username Password MAC Address fe XOXO IC Applied Group a A ax Step 6 Save and Restart IAC gt Click Restart to save current settings and re
11. C gt cd windir system32 C gt Clean_IPSEC bat Or C gt cd windir system32 C gt ipsec2k exe stop b How to remove ActiveX component in client s computer ANS 1 Uninstall and delete ActiveX component 2 Close all Internet Explorer windows 3 Open a command prompt window and type the commands as follows C gt cd windir system32 C gt regsvr32 u VPNClient_1_5 ocx 209 IAC3000 User s Manual C gt del VPNClient_1_5 ocx c What can do if unable establish IPSec connection for Windows XP SP1 ANS Disable Windows XP firewall 210 IAC3000 User s Manual Appendix I Customizable Pages There are five users login and logout pages for each service zone that can be customized by administrators Go to System Configuration gt gt Service Zone gt gt Service Zone Settings Configure gt gt Custom Pages Click the button of Configure the Login Logout page will appear including Login page Logout Page Login Success Page Login Success Page for On demand User and Logout Success Page Click the radio button of page selections to have further configuration Login Page Logout Page Custom Pages Login Success Page Login Success Page for Ondemand User Logout Success Page 1 Custom Pages gt gt Login Page The administrator can use the default login page or get the customized login page by setting the template page uploading the page or downloading from the specific website After finishin
12. Configuration Wizard a k System Information a WAN1 Configuration WAH Configuration Ty WAN Traffic Settings k LAN Port Mapping k Service Zones IAC3000 User Manual system Information System Name Device Name Home Page Access History IP Management IP Address List SNMP User Logon SSL Time System Information NetComm lAC3000 L Use the name on the security certificate FODH for this device Enabled Disabled http fanww netcomm com au 2 9 http www google com Peg 192 108 2 1 setup Management IF Address List O Enabled Disabled Enabled Disabled Device Time 2009 01 22 13 55 30 Time Zone GMT 10 00 Canberra Melbourne Sydney 2 NTP Enable NTP Server 4 ntp1 cs mu 02 4U e g tock usno navy mil NTP Server 2 NTP Sever 3 clock cuhk edu hk NTP Server A ntps1 pads ufrj br NTP Server 5 ntp1 c mu OZ AU Set Device Date and Time OQ System Name Set the system s name or use the default name Device Name FQDN Fully Qualified Domain Name This is the domain name of the IAC3000 as seen on client machines connected on LAN ports A user on client machine can use this domain name to access IAC3000 instead of its IP address In addition when Use the name on the security certificate option is checked the system will use the CN Common Name value of the uploaded SSL certificate as the domain
13. Customer Information ACA Australian Communications Authority requires you to be aware of the following information and warnings 1 This unit shall be connected to the Telecommunication Network through a line cord which meets the requirements of the ACA TS008 Standard 2 This equipment has been tested and found to comply with the Standards for C Tick and or A Tick as set by the ACA These standards are designed to provide reasonable protection against harmful interference in a residential installation This equipment generates uses and can radiate radio noise and if not installed and used in accordance with the instructions detailed within this manual may cause interference to radio communications However there is no guarantee that interference will not occur with the installation of this product in your home or office If this equipment does cause some degree of interference to radio or television reception which can be determined by turning the equipment off and on we encourage the user to try to correct the interference by one or more of the following measures e Change the direction or relocate the receiving antenna e Increase the separation between this equipment and the receiver e Connect the equipment to an alternate power outlet on a different power circuit from that to which the receiver TV is connected e Consult an experienced radio TV technician for help 3 The power supply that is provided with this unit is only intende
14. Description Transmission Control Protocol nternet Protocol The defautk Wide area network protocol that provides communication across diverse interconnected metvworks Show icon in notification area when connected 195 4 Using DHCP If you want to use DHCP choose Obtain an IP address automatically and click OK This is also the default setting of Windows Then reboot the PC to make sure an IP address is obtained from I AC3000 5 Using Specific IP Address If you want to use a specific IP address acquire the following information from the network administrator the P Address Subnet Mask and DNS Server address provided by your ISP and the Gateway address of IAC3000 following steps IAC3000 User s Manual Internet Protocol TCP IP Properties General Alternate Configuration You can get IP settings assigned automatically if your network supports this capability Othenwise pou need to ask your network administrator for the appropriate IP settings fe Obtain an IP address automatically Obtain DNS server address automatically O Use the following DMS server addresses Se ae Note If your PC has been set up completed please inform the network administrator before proceeding to the 5 1 Choose Use the following IP address and enter the P address Subnet mask If the DNS Server field is empty select Using the following DNS server addresses and enter the DNS Server
15. The standard package of IAC3000 includes IAC3000 x 1 CD ROM with User Manual x 1 DC 12V Power Adapter x 1 Ethernet Cable x 1 Console Cable x 1 IAC3000 User Manual Warning It is highly recommended to use all the supplies in the package instead of substituting any components by other suppliers to guarantee best performance IAC3000 User Manual 3 1 3 Panel Function Descriptions Front Panel 1 STATUS POWER LED There are four kinds of LED Power Status WAN and LAN to indicate different status of the system gt Power LED ON indicates power on gt Status While system power is on status OFF indicates BIOS is running BLINKING indicates the OS is running and ON indicates system is ready gt WAN LED ON indicates connection to the WAN port gt LAN LED ON indicates connection to the LAN port WAN1 WAN2 Two WAN ports 10 Base T 100Base TX RJ 45 are available on the system LAN1 LANE8 Client machines connect to AC3000 via LAN ports 10 Base T 100Base TX RJ 45 Note By Default all LAN ports are set with Port based Default Service Zone for Service Zone configuration please refer to section 4 1 7 Rear Panel Reset Press this button to restart the system Console The system can be configured via a serial console port The administrator can use a terminal emulation program such as Microsoft s HyperTerminal to login to the configuration console interface to change admin passwor
16. Y Y VV WV VLAN Tag SSID Netcom m_lAC3 000 Netcom m_lAC3 000 1 NetCom m_lAG3 000 2 NetCom m_lAC3 o000 3 Netcom m_lAC3 000 4 NetCom m_lAG3 000 5 NetCom m_lAC3 000 6 Netcom m_lAC3 o000 7 NetCom m_lAG3 000 8 Service Zone Settings WLAN Encryption None None None None None None None None None Applied Policy Policy 1 Policy 1 Policy 1 Policy 1 Policy 1 Policy 1 Policy 1 Policy 1 Policy 1 Default Authentication Server 1 Server 1 Server 1 Server 1 Server 1 Server 1 Server 1 server 1 server 1 Service Zone Name Mnemonic name of the Service Zone Status Details Enable Disable Configure Disable Disable Disable Disable Disable Disable Disable VLAN Tag The VLAN tag number that is mapped to the Service Zone in tag based mode SSID The SSID that is associated with the Service Zone WLAN Encryption Data encryption method for wireless networks within the Service Zone Applied Policy The global policy that is applied to the Service Zone This is for users who are not assigned to any group such as users who access the network using Walled Garden Each group can set its own group policy Group policy overrides global Service Zone policy Note For more information about Group please refer to 4 2 3 Group Configuration section gt Default Authentication Default authentication method server that is used within
17. 1 Merchant Login ID 2 Merchant Transaction Key 3 Payment Gateway URL 4 MDS Hash Value Authorize Net Enable and configure the Credit Card Billing function No Check and retry Yes or ask for technical support Credit Card Billing function Up and rumnirg y 143 IAC3000 User s Manual IAC3000 User s Manual 7 Setting Up 1 1 Open Accounts To set up IAC3000 to process credit card billing the merchant owner will need two accounts Internet Merchant account and Authorize Net account If you are looking for a merchant account or Internet payment gateway to process transactions you can fill out the Inquiry Form on http www authorize net solutions merchantsolutions merchantinquiryform Authorize Net Your Gateway to IP Transactions es Merchants Resellers Developers Resources Company Merchant Inquiry Ifyou are looking for a merchant account and or payment gateway to process transactions please callus at 866 437 0476 Monday Friday 6 Abl 5 Phi Pacific time or fill out the form below Required field First Marne Ps Last Marne fs Company Mame fo Job Title E Address E Cit State 1 2 Configure AC3000 using an Authorize Net account Please log in IAC3000 User Authentication gt gt Authentication Configuration gt gt Click the server name On demand User gt gt External Payment Gateway gt gt Click Configure gt gt External Payment Gateway gt gt
18. Always Recurring One Time Action Block Pass o Rule Number This is the rule selected 1 Rule No 1 has the highest priority rule No 2 has the second priority and so on o Rule Name The rule name can be changed here o Source Destination Interface Zone There are choices of ALL WAN1 WAN2 Default and the named Service Zones to be applied for the traffic interface o Source Destination IP Address Domain Name Enter the source and destination IP addresses Domain Host filtering is supported but Domain name filtering is not o Source Destination Subnet Mask Select the source and destination subnet masks o Source MAC Address The MAC Address of the source IP address This is for specific MAC address filter o Source Destination IPSec Encrypted Check the box for only filtering on the encrypted traffic o Service Protocol There are defined protocols in the service protocols list to be selected o Schedule When schedule is selected clients assigned with this policy are applied the firewall rule only within the time checked There are three options Always Recurring and One Time Recurring is set with the hours within a week o Action for Matched Packets There are two options Block and Pass Block is to prevent packets from passing and Pass is to permit packets passing gt Specific Route Profile Click the button of Setting for Specific Route Profile the Specific Route Profile list will appea
19. Authentication _ Management j Configuration Utilities Service Zone Settings Configuration Wizard y bin ents Service Zone Settings System Information Service 3 setae jue OR ce Oe eel soe as Tag Encryption Policy Authentication a y ER Name k WAN1 Configuration NetCom Default mJAC3 None Policy1 Sewver4 Enable 5 WAN2 Configuration _ 000 ene a NetCom n WAN Traffic Settings Guest 1111 mJAC3 None Policyt pr Enable 000 1 LAN Port Mapping y NetCom Employee 2 m_lAC3 None Policy 1 Server 1 Enable p 000 2 k Service Zones NetCom Step 5 Configure Authentication Settings for SZ2 Check the Enable radio button of Service Zone Status to activate SZ2 Enter a name for SZ1 e g Employee in the Service Zone Name field Enter a VLAN tag for SZ1 e g 2222 in the VLAN Tag field Basic Settings Service Zone Status O Disable Service Zone Name Operation Mode NAT Router Network Settings IP Address 192 168 321 Subnet Mask 255 255 255 0 Check the Enable radio button to enable Authentication Required for the Zone Check the Default button and Enabled box of Server 1 to set LOCAL authentication method as default Disable all other authentication options Authentication Settings Authentication Status Enable Disable Server POP3 pop3 d Authentication Options Server 3 RADIUS radius O C Server 4 LDAP Idap O
20. Defines the guaranteed minimum bandwidth allowed for an individual client belonging to this Group The Individual Request Uplink cannot exceed the value of Group Total Uplink and Individual Maximum Uplink gt Privilege Profile Group 1 Privilege Configuration Change Password Privilege Enable Disable o Change Password Privilege When Change Password Privilege is enabled the authenticated local users within this Group are allowed to change their password via the Login Success Page T1 IAC3000 User s Manual Zone Permission Configuration amp Policy Assignment Group X A Group can be assigned to one Service Zone or multiple Service Zones Moreover a Group can be applied with different Policies within different Service Zones Remote VPN is considered as a zone where clients log into the system via remote VPN Group Configuration Group 1 Select Group MC Zone Permission Configuration amp Policy Assignment Group 1 Edit Group Permission gt Name The name of Service Zones and Remote VPN gt Enabled Select Enabled to allow clients of this Group to log into the selected Service Zones For example the above figure shows that users in Group 1 can access network services via every Service Zone as well as Remote VPN under constraints of Policy 1 gt Policy Select a Policy that the Group will be applied with when accessing respective Service Zones gt Edit Group Permission The relation be
21. HE HEH StH HE HEHEH HE fy On demand Account Creation Plan Type Time N A N A N A N A N A N A N A N A N A 2 hrs 0 mins 20 Enabled On demand Account Creation Quota Price aun Status Function N A Disabled N A Disabled N A Disabled N A Disabled N A Disabled N A Disabled N A Disabled N A Disabled N A Disabled 10 IAC3000 User Manual After a successful login to AC3000 a web management interface with a welcome message will appear Note To logout simply click the Logout icon on the upper right corner of the interface to return to the login screen 2 Now you are ready to run the Wizard To quickly configure AC3000 by using the Configuration Wizard click System Configuration from the top menu to go to the System Configuration page Then click Configuration Wizard on the left Click the Run Wizard button to begin the Configuration Wizard The Configuration Wizard will appear in a pop up browser window Click Next to begin X Logout Mel O 1AC3000 Internet Access Controller OM WWW NELCONMIM COM 3U We User dif AP Network NA MA Authentication_ Management Configuration _ Configuration Wizard Configuration Wizard i Configuration Wizard System Information 1A4C3000 is a Network Access Controller with access control features ideal for hotspot small and
22. History History Download My Histor A View up to three months of Dispute Reports monthly account statements View this Adwanced Search History sera Fasa ae o or O Within The Past Day Y From j2 z d f0 2008 Month Day Year Month Day Tear Note For more information about PayPal please see htto www paypal com 159 IAC3000 User s Manual 4 Examples of Making Payment for End Users Step 1 Click the link below the login window to pay for the service via PayPal User Login Page Welcome To User Login Page Please Enter Your User Name and Password To Sign In m Password Step 2 Choose agree to accept the terms of use and click Next Service Disclaimer We may collect and store the following personal information email address physical contact information credit card numbers and transactional information based on your activities on the Internet service provided by us 1f the information you provide cannot be verified we may ask you to send us additional information such as your driver license credit card statement and or a recent utility bill or other information confirming your address or to answer additional questions to help verify gt e agree O disagree Step 3 Please fill out the form and Click Submit to send out this transaction There will be a confirm dialog box 160 Wireless Internet Access Rate Plan Price 2hris AUD
23. NetComm Australia Broadband Solutions Products A fay Home ES Feeds J Melcomm WWW NEB COMIN COM AU FEF r NAF f UUA ENANA ANA Qt ipport About NetGomm Resellers Only 19 IAC3000 User Manual 3 When an on demand user login successfully the following Login Success page will appear There is extra information showing Remaining usage and a Redeem button on the bottom User Login Page Welcome To User Login Page Please Enter Your User Name and Password To Sign In by q UserName p933 ondemand Password ER seres FA CLOER C Remember Me Click here to purchase by Credit Card Online Hello you are logged in via p933 ondemand Tolog out please click the Logout Button 1 Hour Min 18 Sec Login time 2009 1 22 12 51 29 start Browsing Remaining usage Show the remaining quota that the on demand user can use to surf Internet 20 IAC3000 User Manual User Login Page Welcome To User Login Page Please Enter Your User Name and Password To Sign In L 4 User Name p933 ondemand Password Remember Me Click here to purchase by Credit Card Online Redeem When the remaining credit is going to use up the client has to pay for adding credit to the counter and then the client will get a new username and password After clicking the Redeem button a Redeem Page will appe
24. Permitting specific MAC addresses to have network access rights without going through standard authentication process at the controlled port may cause security problems 109 IAC3000 User s Manual 4 4 3 Monitor IP List IAC3000 will send out a packet periodically to monitor the connection status of the IP addresses on the list If the monitored IP address does not respond the system will send an e mail to notify the administrator that such destination is not reachable After entering the related information click Apply and these settings will become effective immediately Click Monitor to check the current status of all the monitored IPs Green light means online and red light means offline The system provides 40 monitor IP address fields on the Monitor IP List Monitor IP List ltem Protocol IP Address Link Item Protocol IP Address Link Total 40 First Prev Next Last Monitor On each monitored item with a WEB server running administrators may add a link for the easy access by selecting a protocol http or https and click the Add bution After clicking Add button the IP address will become a hyperlink and administrators can easily access the host by clicking the hyperlink remotely Click the Del button to remove the setting 110 IAC3000 User s Manual 4 4 4 Walled Garden List Walled Garden Ad List This function provides some free services to the users to access websites listed here before login to the
25. Service Zone Settings Managed AP in this Service Zone 41 IAC3000 User Manual All managed APs that belong to this service zone are listed here Assigned IP Address for AP Management Start IF Address 192 168 30 101 IP Range End IF Address 192 168 30 112 Managed AP in this Service Zone IP Address AP Type AP Name Status MAC Address 192 168 30 112 MP P25 admin Online 00 60 64 27 15 1F 42 4 2 User Authentication IAC3000 User Manual This section includes the following functions Authentication Configuration Black List Configuration Group Configuration Policy Configuration and Additional Configuration Syste m Configuration C Cn AP Network Management Configuration fA User Authentication Black List Configuration Group Policy Configuration User Authentication Each server allows only one type of authentication method and one Black List Profile System supports the following external authentication servers POP3 S RADIUS LDAP NT Domain and SIP system supports 5 Black List profiles for used within the authentication server On demand users are NOT bounded by the Black List 8 sets of group profiles can be define and used to enforce the access control for different groups of users A policy can be selected to apply to a group of users within a zone 12 sets of policy profiles including Firewall Profile Specific Route Profile Schedule Profil
26. TCP and UDP for each user can be specified in the Global policy which applies to authenticated users users on a non authenticated port privileged users and clients in DMZ zones gt When the number of a user s sessions reaches the session limit a choice of Unlimited 10 25 50 100 200 350 and 500 the user will be implicitly suspended upon receipt of any new connection request In this case a record will be logged to a Syslog server gt Since this basic protection mechanism may not be able to protect the system from all malicious DoS attacks it is strongly recommended to build some immune capabilities such as IDS or IPS solutions in network deployment to maintain network operation Session Log The system can record connection details of each user accessing the Internet In addition the log data can be sent out to a specified Syslog Server Email Box or FTP Server based on pre defined interval time gt The description of the fields of a session log record is shown as below Field O Desoipion A Date and Time The date and time that the session is established l New This is a newly established session Session Type l ae Blocked This session is blocked by a Firewall rule The account name with postfix of the user When it shows N A it indicates that the user or device does not need to log in witha username for example the user or device is on a non authenticated Username port or on the privileged MA
27. The attribute of LDAP accounts Attribute Group Mapping This function is to assign a Group to a LDAP attribute sent from the LDAP server When the clients classified by LDAP attributes log into the system via the LDAP server each client will be mapped to its assigned Group To get and show the attribute name and value from the configured LDAP server enter Username and Password and click Show Attribute Then the table of attribute will be displayed Enter the Attribute Name and Attribute Value chosen from the attribute table and select a Group from the drop down list box Attribute Name Attriubute Value Ch LISERO1 C LISER 1 1 LDAP Group Mapping LDAP Group Mapping Server 4 Enable Disable No LDAP Attribute Name LDAP Attribute Value Group Remark eE S e E E T C 1 E E O C 56 IAC3000 User Manual 4 2 1 5 NT Domain The system supports authentication by an external NT Domain authentication database Authentication Server Server 4 Server Name Its sewer name Postfix ntdomain Its postfix name Black List Mone w Authentication Method MT Domain Setting Enable Local WPH Server Name Set a name for the authentication option by using numbers 0 9 alphabets a z or A Z dash underline _ and dot within a maximum of 40 characters All other characters are not allowed Postfix Set a postfix that is easy to distinguish e g NT Domain by using numbers 0 9 alphabets a z or A Z
28. gt gt Authentication Configuration gt gt Click the server On demand User gt gt External Payment Gateway gt gt Click Configure gt gt External Payment Gateway gt gt Select PayPal System Wa We AP M Network Configuration JEAN j Configuration A a y e y A e 4 A V dl External Payment Gateway Authentication Configuration External Payment Gateway Black List Configuration j Authorize Net PayPal Disable Group Configuration l PayPal Payment Page Configuration k Policy Configuration A Business Account k Additional Configuration Payment Gateway URL https www paypal com cgi bin webscr Identity Token Verify SSL Certificate O Enable Disable Currency USD U S Dollar we Three fields are required A ee Business Account ID This is the Login ID email address that is associated with the PayPal Business Account Payment Gateway URL https www paypal com cgi bin webscr default URL for PayPal Identity Token Please log in PayPal after saving the above settings gt gt Click Profile gt gt Click Website Payment Preferences in the Selling Preferences section gt gt Scroll down to the section Payment Data Transfer optional Payment Data Transfer optional Payment Data Transfer allows you to receive notification of successful payments as they are made The use of Payment Data Transfer depends on your system configuration an
29. name 25 IAC3000 User Manual Home Page Enter the website of a Web Server to be the homepage When users log in successfully they will be directed to the homepage set Usually the homepage is set to the company s website such as http www netcomm com au If the home page function is disabled the user will be directed to the URL she he tries to visit originally e Access History IP Specify an IP address of the administrator s computer or a billing system to get billing history information of l AC3000 with the predefined URLs as the following Traffic History https 192 168 30 1 status history 2009 01 22 we Be Ehttps 192 166 30 1 status history 2009 01 22 igi Home E deb Print E Page Gp Tools late TYPE Name TP MAC Packets In Bytes In Packets Out Bytes Out 2009 01 22 12 51 35 LOGIN test local 192 168 30 80 00 00 60 TT BC FB 0 0 0 2009 01 22 12 32 18 LOGOUT test local 192 168 30 80 00 00 60 T7T BC FB 0 0 d 192 009 01 22 12 35 16 LOGIN test local 192 168 30 80 00 00 60 T7T BC FB 0 0 0 0 2009 01 22 12 45 38 LOGIN test local 192 168 30 80 00 00 60 77 BC FB 0 0 0 0 2009 01 22 12 46 40 LOGOUT test local 192 168 30 80 00 0D0 60 77 BC FB 38 15562 4D 11001 On demand History https 192 168 30 1 status ondemand_history 2009 01 22 a s cb a al https 192 166 30 1 statusfondemand_history 2009 i fap Home E deb Print i Page Cl Tools Date System Name Type Name IP MAC
30. select automatic discovery or contact your network administrator Automatic configuration may override manual settings To ensure the use of manual settings disable automatic configuration Automatic Configuration T Automatic discovery of proxy server recommended M Use automatic configuration script Address TT Manual Proxy Server Qee J teca 186 6 Choose No and then click Next 7 Finally click Finish to exit the Internet Connection Wizard Now the set up is completed Windows XP 1 Choose Start gt gt Control Panel gt gt Internet Option 187 IAC3000 User s Manual Internet Connection Wizard x Set Up Your Internet Mail Account An Internet mail program is installed on your computer Internet mail allows you to receive and send e mail messages To successfully set up your Internet mail account you must have already signed up for an e mail account with an Internet service provider and obtained important connection information IF you are missing any information the wizard asks you to provide contact your Internet service provider Do you want to set up an Internet mail account now lt Back i Cancel Internet Connection Wizard i x Completing the Internet Connection Wizard You have successfully completed the Internet Connection wizard Your computer is now configured to connect to your Internet account After pou c
31. want to connect The Internet Connection wizard helps you connect your computer to the Internet You can use this wizard to set up a new or existing Internet account through a local Area network LAN and then click Next want to sign up for a new Internet account My telephone line is connected to my modem want to transfer my existing Internet account to this computer My telephone line is connected to my modern want to set up my Internet connection manually or want to connect through a local area network LAN To leave your Internet settings unchanged click Cancel To learn more about the Internet click Tutorial Tutorial 4 Choose I connect through a local area x Setting up your Internet connection network LAN and then click Next If You have an Internet service provider account you can use your phone line and a modem to connect to it IF your computer it connected to a local area network LAN you can gain access to the Internet over the LAN How do you connect to the Internet E connect through a phone line and a modem connect through a local area network LAN R Cancel _ O 5 DO NOT choose any option in the following LAN xi Local area network Internet configuration window for Internet configuration and just click Ne xt Select the method you would like to use to configure your proxy settings If you are not sure which option to select
32. when Only ID option is checked only the username will be transferred to the external RADIUS server for authentication NASID The Network Access Server NAS Identifier of the system for the external RADIUS server e Class Group Mapping This function is to assign a Group to a RADIUS class attribute sent from the RADIUS server When the clients classified by RADIUS class attributes log into the system via the RADIUS server each client will be mapped to its assigned Group RADIUS Group Mapping Server 3 O Enable Disable Class Attribute Group AT RA O A a O e Server IP The IP address of the external RADIUS server Authentication Port Enter the authentication port of the RADIUS server e Accounting Port The accounting port of the external RADIUS server e Secret Key The Secret Key for RADIUS authentication e Accounting Service The system supports RADIUS accounting that can be enabled or disabled e Authentication Protocol The configuration of the system must match with that of the remote RADIUS server PAP Password Authentication Protocol transmits passwords in plain text without encryption CHAP Challenge Handshake Authentication Protocol is a more secure authentication protocol with hash encryption Notice If the RADIUS Server does not assign idle timeout value the AC3000 will use the local idle timeout 54 4 2 1 4 IAC3000 User Manual LDAP The system supports authentication by an exte
33. Address IAC3000 User Manual Users List Applied Group Local VPN Enabled Remark None Ho Delete Total First Prev Next Last OQ o Del All Click on this button to delete all the users at once and click on Delete to delete the user individually o Edit User If editing the content of individual user account is needed click the username of the desired user account to enter the User Profile Interface for that particular user and then modify or add any desired information such as Username Password MAC Address optional Group optional Enable Local VPN optional and Remark optional Click Apply to complete the modification Username Password MAC Group Enable Local VPN Remark User Profile et et i d Roaming Out amp 802 1X Authentication When Account Roaming Out is enabled the link of this function will be available to define the authorized device with IP address Subnet Mask and Secret Key Please see more explanation above in the section for Roaming Out and the section for 802 1X Authentication 49 IAC3000 User Manual Local User Setting Edit Local User List ll Enabled Disabled RADIUS Roaming Out iLocal user database will be used as authentication database for roaming out users Enabled Disabled 802 1 Authentication Local user database will be used as internal RADIUS database for 802 1 enabled LAN devices such as AP and switch RADIUS Client List
34. Click the desired Service Zones for tag based mode Add the selected AP with reselected Service Zones to the list by checking the AP and clicking Add button Discovered AP List IP Address AF Hame Template AP Type Semice Zone Add MAC Address Password Chanmel 197 169 30 105 admin TEMPLATE e Default NPTSS o Emploree 00 60 64 27 14 16 admin Ayto s Guest 176 IAC3000 User s Manual Appendix D Proxy Setting Basically a proxy server can help clients access the network resources more quickly This section presents basic examples for configuring the proxy server settings of IAC3000 Using Internet Proxy Server The first scenario is that a proxy server is placed outside the LAN environment or in the Internet For example the following diagram shows that a proxy server of an ISP will be used ag ADSL Cable Modem Crateway i Access Point ISP Proxy Server Msotebook 177 IAC3000 User s Manual Follow the steps below to complete the proxy configuration Step 1 Log into the system by using the admin account Step 2 Network gt gt Proxy Server gt gt External Proxy Servers page Add the IP address leaving it blank means any IP address and port number of the proxy servers into External Proxy Servers setting Enable the Built in Proxy Server Click Apply to save the settings External Proxy Server tem Server IP Port Internal Proxy Server Built in Proxy Server 6 Enabled
35. ES General enter the P address Subnet mask If the DNS ou can get IP settings assigned automatically if your network supports this capability Othenwise vou need to ask your network administrator for Server field is empty select Using the e aar ore IE eee following DNS server addresses and enter aa tomates lla i f Use the following IF add the DNS Server address Then click OK IF oa fess 5 2 Click Advanced to enter the Advanced Subnet mask TCP IP Settings window eal aie Preferred ONS server Alternate DMS server zl 5 3 Click on the IP Settings tab and click Add IP Settings DNS WINS Options below the Default gateways column and IF addresses the TCP IP Gateway Address window will appear Interface metric LQ 5 4 Enter the gateway address of IAC3000 in the 3 x Gateway field and then click Add After Gateway back to the IP Settings tab click OK to Ena complete the configuration Mete ddd Cancel IAC3000 User s Manual Check the TCP IP Setup of Window XP 1 Select Start gt gt Control Panel gt gt Network Control Panel File Edit View Favorites Tools Help Connection Q Bach Q S yo Search E Folders EI Address J Control Panel Vg Control Panel a Accessibility Add Hardware Administrative Date and Time G Switch to Category View Options a Tools See Also SS c 4 Display Folder Options Game Intern
36. F ONDEMAND ondemand O O SIP SIP NIA 174 IAC3000 User s Manual Step 6 Set Policy SZ2 Select Policy 2 from the drop down list box Click Apply to activate the settings made so far A warning message You should restart the system to activate the changes will appear at the bottom of the page Do NOT restart the system until you have completed all the configuration steps Group Permission for this Service Zone Configure Default Policy in this Service Zone Aa Edit System Policies 5 Enable Email Message for Login Reminding O Disable Edit Mail Message Step 7 Restart the System Click Apply to activate the settings A warning message You should restart the system to activate the changes will appear at the bottom of the page Click the hyperlink of Restart to restart the system and activate all changes you have made A confirmation message of Do you want to restart the system will appear Click Yes to start the restarting process A confirmation dialog box will then pop out Click OK to continue system i User 1 AP i Network _ Configuration Authentication Management Configuration Restart i Change Password x l l Do you want to RESTART the system Backup Restore Settings Firmware Upgrade r pe k Restart Hetwork Utilities Note Please do not interrupt the system during the restar
37. ICMP FIF HTTP HTTPS POP3 SMTP DHCP Global Policy Service Protocols List Description ALL TCP Source Port 0 65535 Destination Port 0 65535 UDP Source Port 0 65535 Destination Port 0 65535 ICMP Type Any Code Any TCP UDP Destination Port 20 21 TCP UDP Destination Port 80 TCP UDP Destination Port 443 TCP Destination Port 110 TCP Destination Port 25 UDF Destination Port 67 58 Select All Firewall Rules Click the number of Filter Rule No to edit individual rules and click Apply to save the settings The rule status will show on the list Check Active box and click Apply to enable that rule This link leads to the Firewall Rules page Rule No 1 has the highest priority Rule No 2 has the second priority and so on Each firewall rule is defined by Source Destination and Pass Block action Optionally a Firewall Rule Schedule can be set to specify when the firewall rule is enforced It can be set to Always Recurring or One Time Ho ra Active O Global Policy Firewall Rules Selecting the Filter Rule Number 1 as an example 81 IPSec ae Encrypted Action Name Service Schedule Destination daar Encrypted ANY Block ALL Always ANY ANY Block ALL Always ANY IAC3000 User s Manual Global Policy Edit Filter Rule Rule Item 1 Rule Name po Source Destination Interface ALL ka Interface ALL ka Subnet Mask Subnet Mask trate O Trate Ol MAC Address Serice ALL Ww Schedule
38. Internet Explorer 151 IAC3000 User s Manual Step 5 Click OK to complete the process or click Cancel to revise the data or cancel this transaction Microsoft Internet Explorer X The process may take several minnutes Ls Please DO NOT close or leave this page before getting the result Do vou want to continue the credit card payment process Cancel Step 6 Click Start Internet Access to use the Internet access service Login ID 3739 link Password 46R22E2U Price USD 4 Usage 2 hrs 0 mins ESSID link Your first time login must be done before 2007 03 29 17 31 12 The account is valid within 5 days after your first login Please write down the Login ID and Password immediately Start Internet Access Note The clients must fill in the correct credit card number and expiration date Card code is the last 3 digits of the security code located on the back of your credit card If clients choose to enter the e mail addresses clients will receive confirmation letters for reference 152 IAC3000 User s Manual Appendix B Accepting Payment via PayPal This section is to show independent Hotspot IAC owners how to configure related settings in order to accept payments via PayPal making the Hotspot an e commerce environment for clients to pay for and obtain Internet access using their PayPal accounts or credit cards Offers instant on demand guest access to Internet Need
39. Invoice text box gt gt Click Search gt gt If transaction records can be found the number of accounts sold is the number of search results gt gt Or click Download To File to download records and then use MS Excel to generate more detailed reports 3 3 Search for The Transaction Details for A Specific Customer Please log in Authorize Net Click Search and Download gt gt Enter the information for a specific customer as criteria gt gt Click Search gt gt Click the Trans ID number to view the transaction details Note For more information about Authorize Net please see http www authorize net 4 Examples of Making Payment for End Users Step 1 Click the link below the login window to pay for the service by credit card via Authorize Net User Login Page Welcome To User Login Page Please Enter Your User Name and Password To Sign In 1 4 User Hama O Password L Remember fle 616 here ig purchase Dy iredi Card Oe Step 2 Choose I agree to accept the terms of use and click Next Service Disclaimer We may collect and store the following personal information email address physical contact information credit card numbers and transactional information based on your activities on the Internet service provided by us 1f the information you provide cannot be verified we may ask you to send us additional information such as your driver license credit card statement and or a
40. Manual Custom Pages gt gt Login Success Page gt gt Default Page Choose Default Page to use the default login success page Login Success Page Selection for Users Service Zone Default 2 Default Page Template Page Uploaded Page External Page Default Page Setting Service Zone Default This is default login success page for users You could click preview link to preview the default login success page Preview Custom Pages gt gt Login Success Page gt gt Template Page Choose Template Page to make a customized login success page Click Select to pick up a color and then fill in all of the blanks Click Preview to see the result first Login Success Page Selection for Users Service Zone Default Default Page 6 Template Page Uploaded Page External Page Template Page Setting Color for T tle Background select RGB values in hex mode Color for Tithe Text Select RGB values in hex mode Color for Page Background Select RGB values in hex mode JUL Color for Page Text Select RGB values in hex mode Custom Pages gt gt Login Success Page gt gt Uploaded Page Choose Uploaded Page and get the login success page to upload Click the Browse button to select the file for the login success page upload Then click Submit to complete the upload process After the upload process is completed and applied the new login success page can be previewed by clicking Preview button at the bottom
41. Microsoft Metworks Po gt AMD PENET Family Ethernet Adapter PCI 1S4 uso Adapter Remove Properties Frima MHeteork Logon Client for Microsoft Mekwork s a Eile and Print Sharing Description TCP IF ts the protocol vou use to connect to the Internet and wide area networks OF Cancel IAC3000 User s Manual 3 Using DHCP If you want to use DHCP click on se Bindings Advanced NetBIOS the IP Address tab and choose Obtain an IP OAS Configuration Gateway WINS Configuration IP Address address automatically and then click OK An IF address can be automatically assigned to this computer IF Your network does not automatically assign IP addresses ask This is also the default setting of Windows Then pour network administrator for an address and then type it in the space below reboot the PC to make sure an IP address is obtained from IAC3000 Specify an IP address FP feddress Subnet klask Cancel 4 Using Specific IP Address If you want to use a specific IP address acquire the following information from the network administrator the IP Address Subnet Mask and DNS Server address provided by your ISP and the Gateway address of IAC3000 Note If your PC has been set up completed please inform the network administrator before proceeding to the following steps 4 1 Click on the IP Address tab and choose ICA Ed ES bl A A
42. Name Set a name for the server using numbers 0 9 alphabets a z or A Z dash underline _ and dot within a maximum of 40 characters All other characters are not allowed Postfix Set a postfix that is easy to distinguish e g Local for the server using numbers 0 9 alphabets a z or A Z dash underline _ and dot within a maximum of 40 characters All other characters are not allowed Black List There are five sets of the black lists Select one of them or choose None For details please refer to 4 2 2 Black List Configuration Group Select one Group from the drop down list box for this specific authentication option Enable Local VPN When Local VPN function is enabled for the authentication option upon the successful login of a client a VPN tunnel will be established between a client s device and the system The data passing through the VPN tunnel are encrypted The system s Local VPN supports end users devices under Windows 2000 and Windows XP SP1 SP2 Note Local VPN in IAC3000 is an additional secure login VPN feature for AC3000 local users subscribers The software design for Local VPN in I AC3000 is tightly coupled with Active X which is supported by Windows platform Internet Explorer where Active X program is supported Authentication Method Select POP3 from the drop down list box and then click POP3 Setting button for further configuration 51 4 2 1 3 IAC30
43. Server a ntps1 pads ufrj br NTP Server 5 ntp1 c mu OZ AU O Set Device Date and Time IAC3000 User Manual 4 1 3 WAN1 Configuration There are 4 methods of obtaining IP address for the WAN Port Static IP Address Dynamic IP Address PPPoE and PPTP Client WAN1 Configuration Static IP Address j Renew WAN1 Port Dynamic IP Address PPPoE Client PPTP Client e Static IP Address Manually specifying the IP address of the WAN port The red asterisks indicate required fields to be filled in WAN2 Configuration WAN2 Configuration None Static IP Address IP Address it subnet Mask i WAN2 Port Default Gateway sg Preferred DNS Server Alternate DNS Server po Dynamic IP Address PPPoE Client IP address the IP address of the WAN1 port Subnet mask the subnet mask of the network WAN1 port connects to Default gateway a gateway of the network WAN1 port connects to Preferred DNS Server The primary DNS server is used by the system Alternate DNS Server The substitute DNS server is used by the system This is an optional field Dynamic IP Address It is only applicable for the network environment where the DHCP server is available on the network Click the Renew button to get an IP address automatically WAN1 Configuration Static IP Address WANI Port fe Dynamic IP Address PPPoE Client PPTP Client 27 IAC3000 User Manual PPPoE Client When selectin
44. Settings Firmware Management AP Upgrade and WSD Management AP List i AP Upgrade j WDS Management A AP Management AP List AP Discovery Manual Configuration Template Settings Firmware Management AP Upgrade WDS Management AP Management The list shows the current AP summary including type name IP MAC and online status li also provides the operations for each AP on reboot enable disable delete apply a new template and to do further examination or detailed configuration This discovery function is to detect the unmanaged APs within LANs and assign the desired IPs for the future management With the AP access information administrator is able to manually or automatically discover AP on the selected LAN s Administrators who are familiar with the new AP can set it up manually by filling in the necessary information There are three templates from the drop down box that can be chosen Administrators can edit template settings here These templates are saved and can be used in Manual Configuration and AP Discovery sections This page lets administrators manage firmwares and shows each firmware s information with operations of download and delete This page shows each AP on name firmware version and the time previously being upgraded Administrators can choose a firmware version from the drop down box to upgrade APs Several AP upgrades can be processed simultaneously by checkin
45. User Login Page Welcome To User Login Page Please Enter Your User Name and Password To Sign In sername E Password Nemo EEEE RS RR ATE A I RT I ETTET O I SETS Y Submit J Remaining Remember Me lv Hospitality Solution Netcomm Limited Official Website Caution To use the domain name the AC3000 has to connect to DNS server first or this function will not work 113 IAC3000 User s Manual 4 4 5 Proxy Server Properties AC3000 supports Internal Proxy Server and External Proxy Server functions External Proxy Server ltem Server IP Port Internal Proxy Server Built in Proxy Server Enabled Disabled External Proxy Server Under the AC3000 security management the system will match the External Proxy Server list to the end users proxy setting If there isn t a matching then the end users will not be able to reach the login page and thus unable to access the network If there is a matching then the end users will be directed to the system first for authentication After a successful authentication the end users will be redirected back to the desired proxy servers depending on various situations Internal Proxy Server AC3000 has a built in proxy server If this function is enabled the end users will be forced to treat IAC3000 as the proxy server regardless of the end users original proxy settings 114 IAC3000 User s Manual 4 4 6 Dynamic DNS IAC3000 provides a
46. dash underline _ and dot within a maximum of 40 characters All other characters are not allowed A postfix is used to inform the system which authentication option is used for authenticating an account e g bob MelbourneLdap or tim SydneyRadius when multiple options are concurrently in use One of authentication options can be assigned as default The postfix can be omitted only when the default authentication option is used For example if MelbourneLdap is the postfix of the default option Bob can log in with either bob or bob MelbourneLdap as his username Black List There are five sets of the black lists A user account listed in the black list is not allowed to log into the system Select one black list from the drop down list box to be applied to this specific authentication option Group Select one Group from the drop down list box for this specific authentication option Enable Local VPN When Local VPN function is enabled for this authentication option upon a successful login of a client a VPN tunnel will be established between a client s device and the system The data passing through the VPN tunnel are encrypted The system s Local VPN supports client devices under Windows 2000 and Windows XP SP1 SP2 Note Local VPN in IAC3000 is an additional secure login VPN feature for AC3000 local users subscribers The software design for Local VPN in I AC3000 is tightly coupled with Active X which is
47. demand Account List View 1 General Settings This is the common setting for the On demand User authentication option The generated on demand users and all accounts related information such as postfix and unit will be shown in this list General Settings Postfix ondemand l None O usp O cep O EUR Monetary Unit D po Input other desired monetary unit e g AU Group Name WLAN ES SID NetComm 1403000 Remaining Volume ae Sync Interval 10min s O 15min s O Dmin s Terminal Server Configuration Postfix Postfix is used to inform the system which type of authentication database to be used for authentication when multiple databases are concurrently in use Enter the postfix used for on demand users Monetary Unit Select the desired monetary unit or specified the unit by users Group Name Select the desired group for on demand user WLAN ESSID The administrator can enter the defined wireless ESSID in this field and it will be printed on the receipt for on demand users reference when accessing the Internet via wireless LAN service The ESSIDs given here should be those of the Service Zones enabled for On demand Users Wireless Key The administrator can enter the defined wireless key such as WEP or WPA in the field The Wireless Key will be printed on the receipt for the on demand users reference when accessing the Internet via wireless LAN service Remaining Volume Sync Internal While
48. destination IP addresses o Source Destination Subnet Mask Enter the source and destination subnet masks o Source MAC Address The MAC Address of the source IP address This is for specific MAC address filter o Source Destination IPSec Traffic Check the box to filter the encrypted traffic only o Service Protocol Select a defined protocol from the drop down list box o Schedule Defines the time when this firewall rule will be activated When a schedule is selected the clients assigned to this Policy are applied with the firewall rule only within the time selected There are three options Always Recurring and One Time o Action for Matched Packets There are two options Block and Pass Block is to prevent packets from passing while Pass Is to permit packets passing Specific Route Profile The default gateway of WAN1 WAN2 or a desired IP address can be defined in a Policy When Specific Default Route is enabled all clients applied with this Policy will access the Internet through this default gateway Policy 1 Specific Default Route Enable Default Gateway Policy 1 Specific Route Profile Destination Gateway Route Item IP Address Subnet Netmask IP Address 1 Do 2 255 255 255 255 132 4 po Click Setting of Specific Route Profile to enter the Specific Route page for further configuration 85 IAC3000 User s Manual o Enable Check Enable box to activate this function or uncheck to ina
49. login with SIP Authentication Be noted that the specific route of the applied Policy for the selected Group cannot conflict with the assigned WAN interface for SIP authentication 73 IAC3000 User Manual 4 2 2 Black List Configuration The administrator can add delete or edit the black list for user access control Each black list can include up to 40 users Users accounts that appear in the black list will be denied of network access The administrator can use the pull down menu to select the desired black list Black List Configuration Select Black List 1 Blacklist Name Blacklist User Remark Add User s Select Black List There are 5 lists to select from for the desired black list Name Set the black list name and it will show on the drop down box above Add User to List Click the hyperlink to add users to the selected black list Add Users to Blacklist Blacklist1 Item Username Remark After entering the usernames in the Username blanks and the related information in the Remark blank not required click Apply to add the users User James has been added E Add Users to Blacklist Add Users to Blacklist Blacklist1 Item Username Remark _ 2 Black List Configuration Select Black List 1 Blacklist Name Blacklist User Remark James Hacker Add Users 74 IAC3000 User Manual If removing a user from the black list is desired select the user s De
50. medium business networking The wizard will guide you through the process of creating a 4 WAN1 Configuration baseline strategy Please follow the wizard step by step to configure IAC3000 eu WAN Traffic Settings LAN Port Mapping A Q Service Zones 3 Running Configuration Wizard A welcome screen that briefly introduces the 6 steps will appear Click Nextto begin http 192 166 30 1 SystemContiguration wizard_1 shtrolfinitial 1 NEILOMM l IAC3000 Internet Access Controller EVE ECO RT COLAU Configuration Wizard Welcome to the Setup Wizard The wizard will quide you through these 6 quick steps Begin by clicking on Next Step 1 Change Admin s Password Step 2 Choose System s Time Zone Step 3 Set System Information Step 4 Select the Connection Type for WAN Port Step 5 Add Local User Account Optional Step 6 Save and Restart lAC3000 Note During every step of the wizard if you wish to go back to modify the settings please click the Back button to go back to the previous step Step 1 Change Admin s Password gt Enter a New Password for the admin account and retype it in the Verify Password field 20 character maximum and no spaces 11 IAC3000 User Manual gt Click Next to continue Melom l IAC3000 Internet Access Controller EP ECON Step 1 Change Admin s Password You may change the Admin s account password by entering a new passw
51. mode management interface on the serial port console printer port 122 IAC3000 User s Manual 4 5 2 Backup Restore Setting This function is used to backup restore the AC3000 settings Also IAC3000 can be restored to the factory default settings here Backup current system settings Restore system settings Reset to the factory default settings e Backup current system setting Click Backup to create a db database backup file and save it on disk File Download Do you want to open or save this file 4 Name 200901273 db Type Data Base File From 192 168 30 1 While files from the Internet can be useful some files can potentially harm pour computer IF vou do not trust the source do not open or save this file What s the risk e Restore system setting Click Browse to search for a db system setting file that backed up from the lAC3000 and click Restore to restore settings e Reset to the factory default settings Click Reset to load the factory default settings of IAC3000 123 IAC3000 User s Manual 4 5 3 Firmware Upgrade IAC3000 device firmware upgrade is performed in this section of the web management interface Click Browse to search for the firmware file and click Apply to process firmware upgrade The firmware upgrade process may take a few minutes to complete and the system needs to be restarted to make the new firmware become effective Firmware Upgrade Current Version Note For m
52. ons might prevent some webpages from woking correct Show Add ons that have been used by Intemet Explorer w Hame Publisher Status Type File 5 Research Enabled Browser Extension S Shockwave Flash Object Adobe Systems Incorpora Enabled Activex Control Flast A Skype Skype Technologies 54 Enabled Browser Extension Skyp i S Skype add on mastermind Skype Technologies 54 Enabled Browser Helper Object Skyp gt WENClient ipsec NebComm Limted Enabled Acthex Control WPRIC 35 Windows Live Messenger Microsoft Corporation Enabled ActiveX Control MSG aj Windows Media Player Microsoft Corporabion Enabled Activex Control WIMp S Windows Messenger Enabled Browser Extension 4 ML DOM Document Microsoft Corporation Enabled ActiveX Control msm ajm DOM Document 3 0 Microsoft Corporation Enabled ActiveX Control mani 5 3ML HTTP 3 0 Microsoft Corporation Enabled Activex Control mson ML HTTP 4 0 Microsoft Corporation Enabled Activex Control mem gt seling Delete Actives Click an add on name above and 3 Enable Click the name of an and then chek Enable or Disable pa Active control above and Delete O Disable then click Delete Dowload new add ons for Intemel Explores a VETAS eee arni CT From Windows Internet Explorer click Manage add ons button inside Programs page under Tools to show the add ons programs list You can see VPNClient ipsec is enabled 205 IAC3000 User s Manual During the first tim
53. or password IAC3000 User s Manual NetComm Review your payment PayPal 2 Secure Payments If the information below is correct click Pay Now to complete your payment Learn more about how PayPal withdraws funds Description Unit Price Quantity Amount Internet access 100 Mbyte s 20 00 1 20 00 Username p7yc Your first time login must be done before 2009 01 29 09 39 43 The account is worth 100 Mbyte s of usage and is valid within 2 days after your first login Special Note to Seller Total 20 00 AUD Enter gift voucher reward or discount Payment Method PayPal Balance 20 00 AUD Change NetComm You Made A Payment PayPal Secure Payments Your payment for 20 00 AUD has been completed You are now being redirected to NetComm If you are not redirected within 5 seconds click here PayPal Safe Simple Smart For more information read our Product Disclosure Statement User Agreement and Privacy Policy Copyright 1999 2009 PayPal Inc All rights reserved PayPal Australia Pty Limited ABN 93 111 195 339 AFSL 304962 Any general financial product advice provided in this site has not taken into account your objectives financial situations or needs 162 IAC3000 User s Manual Step 5 Click Start Internet Access to use the Internet access service Welcome to NetComm Internet Access Login ID d d5 ondemand Password 9322xkh8 Price AUD 20 Usage 100 Mbyte s ESsiD NetComm AC 30
54. page for Instant upload Then click Submit to complete the upload process Login Success Page Selection for On demand Users Service Zone Default O Default Page O Template Page Uploaded Page O External Page Upload Login Success Page for On demand User File Name Existing Image Files Total Capacity 512 K Now Used 0 K Upload Image Files Upload Images Preview 217 IAC3000 User s Manual Custom Pages gt gt Login Success Pages for On demand Users gt gt External Page Choose the External Page selection and get the login success page from the specific website In the External Page Setting enter URL of the external login page and then click Apply After applying the setting the new login success page can be previewed by clicking Preview button at the bottom of this page Login Success Page Selection for on demand Users Service Zone Default Default Page Template Page Uploaded Page External Page External Page Setting External URL http Previews 5 Custom Pages gt gt Logout Success Page The administrator can apply their own Logout Success page for Users in the menu As the process is similar to that of the Login Page please refer to the Login Page instructions for more details Custom Pages gt gt Logout Success Page gt gt Default Page Choose Default Page to use the default logout success page Logout Success Page Selection for Users Service Zone De
55. the Service Zone gt Status Each Service Zone can be enabled or disabled gt Details Configurable detailed settings for each Service Zone Click Configure button to configure each Service Zone Basic Settings SIP Interface Configuration Authentication Settings Wireless Settings and Managed AP in Each Service Zone 37 IAC3000 User Manual 1 Service Zone Settings Basic Settings Basic Settings Service Zone Status Enable Service Zone Name Operation Mode G NAT Router Network Settings IP Address 192 168 30 1 subnet Mask 2 Disable DHCP Server Enable DHCP Server Start IF Address 192 168 30 2 End IP Address 192 166 30 100 Preferred DNS Server 1192 168 30 1 DHCP Server Settings Alternate DNS Server Domain Name WINS Server IP fr Lease Time Reserved IP Address List Enable DHCP Relay gt Service Zone Status Each service zone can be enabled or disabled except for the default service zone gt Service Zone Name The name of service zone could be input here gt Network Settings o Operation Mode Contains NAT mode and Router mode When NAT mode is chosen the service zone runs in NAT mode When Router mode is chosen this service zone runs in Router mode o IP address The IP Address of this service zone o Subnet Mask The subnet Mask of this service zone gt DHCP Server Settings Related information needed on setting up the DHCP Server is listed here Please note tha
56. the wireless network Select from a range of transmission speed is desired or keep the default setting Auto to make the Access Point automatically use the fastest rate possible Fragment Length Breaking a packet into smaller units when transmitting over a network medium that cannot support the original size of the packet RTS Threshold Enter the desired RTS Threshold value the range is from 0 to 2347 and the default is 2347 Beacon Interval ms Enter a value between 20 and 1000 msec The default value is 100 milliseconds The entered time means how often the beacon signal transmits between the access point and the wireless network Preamble Select from either Short Preamble or Long Preamble the short preamble provides 56 bits Synchronization field to improve WLAN transmission efficiency Transmit Power Choose the suitable value from the drop down box Wireless QoS WMM Enable or disable QoS and WMM WMM maintains the priority of audio video and voice applications in a Wi Fi network Wireless Client Isolation Enable or disable Client Isolation Client Isolation prevents wireless client to wireless client traffic IAPP Inter Access Point Protocol is designed for the enforcement of unique association throughout a ESS Extended Service Set and for secure exchange of station s security context between current access point AP and new AP during handoff period Access Control In this function when the status is Allowed onl
57. to a certain Group of users Global Policy is the system s universal policy and applied to all clients while other individual Policy can be selected and defined to be applied to any Service Zone The clients belonging to a Service Zone will be bound by an applied Policy In addition a Policy can be applied at a Group basis a Group of users can be bound by a Policy The same Group can be applied with different Policies within different Service Zones When the type of authentication database is RADIUS the Class Group Mapping function will be available to allow the administrator to assign a Group for a RADIUS class attribute therefore a Policy applied to this Group will be mapped to a user Group of a RADIUS class attribute When the type of authentication database is LDAP the Attribute Group Mapping function will be available to allow administrator to assign a Group for LDAP Attribute therefore a Policy applied to this Group will be mapped to a user Group of a LDAP attribute When the type of database is SIP the Group selection function will be available to allow administrator to assign a Group option for all SIP clients 4 2 4 1 Global Policy Global is the system s universal policy including Firewall Rules Specific Routes Profile and Maximum Concurrent Session which will be applied to all users unless the user has been regulated and applied to another policy Policy Configuration Global Policy Select Policy Global Firewal
58. within a zone 12 sets of policy profiles including Firewall Profile Specific Route Profile Schedule Profile and Session Limit Management can be defined Additional configurations are in this section They are User Session Control Built in RADIUS Server Settings Customization Remaining Time Reminder and MAC ACL The administrator can control user session such as idle timeout in User Session Control Three fuctions are provided in Builtin RADIUS Server Settings such as session timeout In Customization the administrator can upload certificate to the system Remaining Time Reminder provides remaining time information to clients on the screen The administrator can manage the access control to the system via clients MAC address in the MAC ACL Access Control List Q IAC3000 User Manual Operator The operator can only access the area of Create On demand User to create and print out the new on demand user accounts User Name operator Password operator gt HEE Gatewa HER Wirele y Password eecccece Welcome To Administrator Login Page Please Enter Your User Name and Password To Sign In operator j HEH E a j HE mm paien HHHH EEEH HE HEN H Hf jii iii
59. 00 Vaild To Use Until 2009 01 29 10 03 35 Please write down the Login 1D and Password immediately j Hello you are logged in via d9d5 ondemand E Sa p n 0 A p F noo t 1 7 To A Su ed To log out please click the Logout button Remaining Usage 9911 1024K bytes Login time 2009 1 27 10 17 50 Start Browsing Note 1 Payment is accepted via PayPal PayPal enables you to send payments securely online using PayPal account a credit card or bank account Clicking on Buy Now button you will be redirected to PayPal s site to make payment 2 Please do not manually close the browser when you reach PayPal s payment confirmation page lt takes about 30 seconds or more before you are automatically redirected back to our website with a set of Login ID and Password 163 IAC3000 User s Manual Appendix C Service Zone Deployment Example Port Based Service Zone In Port Based mode each LAN port can only serve traffic from one Service Zone An example of network application diagram is shown as below one Service Zone for Employees and another for Guests ISP 2051 Coble Modem WANI Loyer2 Switch a E layer switch for Guests for Employees Note The switches deployed under AC 3000 in Port Based mode must be Layer 2 switches only e Configuration Steps for Port Based Service Zones Step 1 Configure Serv
60. 00 User Manual ee saa TN Secondary POP3 Server ME ee SSL Setting C Enable SSL Connection e Server IP The IP address of the external POP3 Server e Port The authentication port of the external POP3 Server e SSL Setting The system supports POP3S Check the check box beside to Enable SSL Connection to POP3S RADIUS The system supports authentication by an external RADIUS authentication server by functioning as a RADIUS authenticator for the RADIUS server The system is capable of supporting two RADIUS servers primary and secondary for fault tolerance Authentication Method RADILIS Name Set a name for the authentication option by using numbers 0 9 alphabets a z or A Z dash underline _ and dot within a maximum of 40 characters All other characters are not allowed Postfix Set a postfix that is easy to distinguish e g Radius by using numbers 0 9 alphabets a z or A Z dash underline _ and dot within a maximum of 40 characters All other characters are not allowed A postfix is used to inform the system which authentication option is used for authenticating an account e g bob MelbourneLdap or tim SydneyRadius when multiple options are concurrently in use One of authentication options can be assigned as default The postfix can be omitted only when the default authentication option is used For example if MelbourneLdap is the postfix of the default option Bob can log in with eith
61. 1 36 198 icmp_s 64 bytes from Howww wip sp1 yahoo com 209 131 36 158 icmp_s 64 bytes from Howww wip sp1 yahoo com 209 131 36 158 icmp_s 64 bytes from HA wwwwip sp1 yahoo com 209 131 36 198 icmp_s Result www yahoo ht3 akadns net ping statistics 4 packets transmitted 4 received 0 packetloss time 3091ms tt min ava mawmdev 154 933 237 035 320 277 81 918 ms gt Wake on LAN It allows the system to remotely boot up a power down computer with Wake On LAN feature enabled and is on the LAN side Enter the MAC Address of the desired device and click Wake Up button to execute this function gt Ping It allows administrator to detect a device using IP address or Host domain name to see if it is alive or not gt Trace Route lt allows administrator to find out the real path of packets from the gateway to a destination using IP address or Host domain name gt ARP Table It allows administrator to view the IP to Physical address translation tables used by address resolution protocol ARP 126 IAC3000 User s Manual 4 6 Status This section includes System Status Interface Status Routing Table Current Users Traffic History and Notification Configuration to provide system status information and online user status Metboum 2 sa IH 7A IAC3000 Internet Access Controller Y Help MM FERCOINTL COM i System j Wi AP WT Network TEM Configuration J i Configuration z re SSK SYS A O M es
62. 2 bytes trange 1000 14023 Clamp MSs 1200 bytes rrange 980 1400 Dial on Demand Enabled Disabled 30 IAC3000 User Manual 4 1 5 WAN Traffic Settings The section is for administrators to configure the control over the entire system s traffic though the WAN interface WAN1 and WANZ2 ports WAN Traffic Settings WAN Traffic Settings Available Bandwidth PRIME Kbps Range 10 100000 a ee Downlink Kbps Range 10 100000 Target for detecting Internet connection IP Domain Name Connection Detection P Domain Name Po WAN bas ii IPF Domain Name Po Enable Load Balancing Enable WAN Failover LI Warning of Internet Disconnection Available Bandwidth on WAN Interface Uplink It specifies the maximum uplink bandwidth that can be shared by clients of the system Downlink lt specifies the maximum downlink bandwidth that can be shared by clients of the system Connection Detection amp WAN Failover Target for detecting Internet connection These URLs are used by the system as the targets to detect Internet connection for alerting Internet disconnection and WAN Failover At least one URL is required to enable WAN Failover Enable Load Balancing Outbound load balancing is supported by the system When enabled the system will allocate traffic between WAN1 and WAN2 dynamically according to designed algorithms based on the weight ratio gt WAN1 Weight The percentage of traffic through WAN1 R
63. 2 168 31 1 Subnet Mask 255255 255 0 Utilities System Information poa VLAN agn WLAN Applied Default m se Tag Encryption Policy Authentication WAN Configuration NetCom Default m_AC3 Mone Policy 1 Server 1 WAN Configuration 000 WAN Traffic Settings Guest 1 mJAC3 None Policy dit a si 000 1 IAC3000 User s Manual Status Details Enable In the Authentication Settings section check the Default button and Enable box of Guest Users to set ONDEMAND authentication method as default Disable all other authentication options Authentication Settings Authentication Status Enable Disable Auth Auth Option neice Postfix Server 1 LOCAL local O Server 2 POP3 pop3 O Authentication Options Server 3 RADIUS radius O Server 4 LDAP Idap O bgph gp gp Default Enabled Click Apply to activate the settings A warning message You should restart the system to activate the changes will appear at the bottom of the page Click the hyperlink of Restart to restart the system and activate all 173 IAC3000 User s Manual changes you have made Group Permission for this Service Zone Default Policy in this Service Zone A Edit System Policies Email Message for Login Reminding eEnable ema mess age Disable Step 4 Configure Service Zone 2 for Employee Select the Service Zones tab and click Configure of SZ2 Network 7 f J
64. 20 e 100 Mbyte s AUD 20 oF hecomm_ fex Email orname Note Aj Paymentis accepted via PayPal PayPal enables you to send payments securely online using PayPal account a credit card or bank account Clicking on Buy Now button you will be redirected to PayPal s site to make payment B Please dont manually close the browser when you reach PayPal s payment confirmation page lttakes about 30 seconds or more before you are automatically redirected back to our website with a set Password Microsoft Internet Explorer IAC3000 User s Manual of Login ID and Do vou want to purchase the internet service through PoyPal s website y AE j Mote You dont necessarily need a PayPal account to do a credit card payment on PayPal s website Step 4 You will be redirected to PayPal website to complete the payment process NetComm Internet access 2 hrs 0 mins Pay with Credit Card or Log In Learn more about PayPal the safer easier way to pay Enter your billing information Country First Name Last Name Credit Card Number Payment Type Expiry Date Billing Address Line 1 Billing Address Line 2 optional Town City Australia v vISA csc What s this 161 Total 20 00 USD PayPal 2 Secure Payments Already have a PayPal account Please log in Email L Password Forgot email address
65. 4 4 2 Privilege List There are two parts Privilege IP Address List and Privilege MAC Address List which can be set Privilege List Privilege IP Address List Privilege MAC Address List e Privilege IP Address List If there are some workstations belonging to the managed server that need to access the network without getting authenticated enter the IP addresses of these workstations in this list The Remark blank is not necessary to be filled in but is useful in record keeping lAC3000 allows 100 privilege IP addresses at most These settings will become effective immediately after clicking Apply Privilege IP Address List Item Privilege IP Address Remark Warning Permitting specific IP addresses to have network access rights without going through standard authentication process at the controlled port may cause security problems e Privilege MAC Address List In addition to the IP address the MAC address of the workstations that need to access the network without getting authenticated can also be set in this list IAC3000 allows 100 privilege MAC addresses at most It is possible to manually create the list by entering the MAC address the format is xx xx xx Xx Xx xXx as well as entering the remark not required These settings will become effective immediately after clicking Apply 108 IAC3000 User s Manual Privilege MAC Address List Item MAC Address Remark 10 Total 100 First Prey Next Last Warning
66. AP and not necessary to configure the AP individually There are three templates provided Click Edit to go on configuration Template Settings AP Type NP725 Template Name TEMPLATE1 Before configure the template copy the configuration mode of an AP to the template by selecting a Source AP and without configuring the template from the beginning administrators can also revise some settings for demand If copy is not desired please select NONE Input the Template Name and Template Remark and click the button of Configure to go on configuration Template Edit Template Name Template Source Template Remark gt Template Edit Here is the section that administrators can configure template name template source and template remark gt Template Name The name shown for this particular template will change according to what given by administrators gt Template Source Select an existing AP and click Apply to save its settings as the template settings After entering the interface revise the configuration for demand and change administrator s password if desired About other function settings please refer to 4 3 1 AP List e Template Editing The administrator can set the template configuration manually Click Configure button to have detailed configurations 101 4 3 5 Firmware Management IAC3000 User s Manual Preloaded Firmware displays the current version of the AP s firmware New firmware can be uploaded he
67. ASID NAS Port Type Class Group Mapping Server IP Authentication Port Accounting Port Secret Key Authentication Protocol Server IP Authentication Port Accounting Port Secret Key Authentication Protocol RADIUS Setting Enabled Disabled O Complete 2 9 user1 company com Only ID e g user1 Default 19 Range 0 35 Edit Class Group Mapping Primary RADIUS Server Domain Name IP Address Default 1812 ll Default 1813 Enabled Disabled PAP w Secondary RADIUS Server Domain Name IP Address Hy Enabled Disabled a 802 1X Authentication The system supports 802 1X When 802 1X Authentication is enabled the 53 IAC3000 User Manual Local Authentication Database will be used as a RADIUS database for connection with 802 1X enabled devices such as access points or switches When the option is enabled the hyperlink of Radius Client List will appear Click the hyperlink of Radius Client List to enter the Radius Client Configuration page Choose a desired type from Disable Roaming Out or 802 1X Enter the IP Address Segment Subnet Mask and Secret Key of 802 1X clients Click Apply to complete the settings Radius Client Configuration E 8021 we 9246800 255 255 255 254 131 M e Trans Full Name When Complete option is checked both the username and postfix will be transferred to the RADIUS server for authentication On the other hand
68. Act 1974 and corresponding State and Territory Fair Trading Acts or legalisation of another Government the relevant acts in certain circumstances imply mandatory conditions and warranties which cannot be excluded This warranty is in addition to and not in replacement for such conditions and warranties To the extent permitted by the Relevant Acts in relation to your product and any other materials provided with the product the Goods the liability of Nettomm under the Relevant Acts is limited at the option of NetComm to e Replacement of the Goods or e Repair of the Goods or e Payment of the cost of replacing the Goods or e Payment of the cost of having the Goods repaired All NetComm ACN 002 490 486 products have a standard 12 months warranty from date of purchase However some products have an extended warranty option refer to packaging To be eligible for the extended warranty you must supply the requested warranty information to NetComm within 30 days of the original purchase by registering on line via the NetComm web site at www netcomm com au 221 NEICOMMT WWW NE CO MIN COM IU Product Warranty NetComm products have a standard 12 months warranty from date of purchase However some products have an extended warranty option via registering your product online at the NetComm website www netcomm com au Technical Support If you have any technical difficulties with your product please refer to the suppo
69. Authorize Net PayPal Secure Pay and Disable 62 IAC3000 User Manual External Payment Gateway External Payment Gateway Authorize Net PayPal SecurePay 2 Disable Authorize Net Before setting up Authorize Net it is required that the merchant owners have a valid Authorize Net account Please see Appendix A Accepting Payments via Authorize Net for more information about opening an Authorize Net account relevant maintenance functions and an example for end users External Payment Gateway Authorize Net PayPal O SecurePay Disable Authorize Net Payment Page Configuration Merchant LogintD Merchant Transaction Key Payment Gateway URL https secure aut a Verify SSL Certificate Enable Disable Test Mode O Enable Disable Try Test MOS Hash Enable Disable gt Authorize Net Payment Page Configuration Merchant ID This is the Login ID that comes with the Authorize Net account Merchant Transaction Key The merchant transaction key is similar to a password and is used by Authorize Net to authenticate transactions Payment Gateway URL This is the default website address to post all transaction data Verify SSL Certificate This is to help protect the system from accessing a website other than Authorize Net MD5 Hash If transaction responses need to be encrypted by the Payment Gateway enter and confirm a MD5 Hash Value and select a reactive mode The MD5 Hash
70. Bindings Advanced NetBIOS Specify an IP address Enter the P DNS Configuration Gateway WINS Configuration IP Address Address Subnet Mask and then click OK An IP address can be automatically assigned to this computer IF pour network does not automatically assign IF addresses ask your network administrator for an address and then type it in the space below IP Address ak cance _ 191 IAC3000 User s Manual 4 2 Click on the Gateway tab Enter the gateway 7 Bindings Advanced NetBIOS address of IAC3000 In the New gateway DNS Configuration Gateway MTRS Configuration IP Address field and click Add Then click OK The first gateway in the Installed Gateway list wall be the default The address order in the list will be the order m which these machines are used New gateway rt ddd gt Installed gateways Cancel 4 3 Click on DNS Configuration tab If the DNS oe P a Bindings Advanced NetBIOS Server field IS empty select Enable DNS DHS Configuration Gateway WINS Configuration IP Address and enter DNS Server address Click Add and then click OK to complete the Host Domain DAS Server Search Order Eemowve configuration Domain Sufix Search Order Check the TCP IP Setup of Window 2000 iol x File Edit View Favorites Tools Help Ea 1 Select Start gt gt Control Panel gt gt Network and b
71. Bytes Pkts Pkts n Out In Out Message Roaming In Traffic History As shown in the following figure each line is a roaming in traffic history record consisting of 15 fields Date Type Name NSID NASIP NASPort UserMAC UserlP SessionID SessionTime Bytes in Bytes Out Pkts In Pkts Out and Message of user activities Roaming In Traffic History 2009 01 23 Date Type Name NASID NASIP NASPortUserMAC UseriP SessionID SessionTime PYteS Bytes PktsPkts In Out In Out Message SIP Call Usage Log The log provides the login and logout activities of SIP clients device and soft clients such as Start Time Caller Callee and Duration seconds 136 IAC3000 User s Manual SIP Call Usage Log Start Time Caller Callee Duration seconds Monthly Network Usage of Local User The system will record the network usage of local users every month In addition the data will be stored locally for up to two months and can be exported as a text file in CSV format As follows are the descriptions of fields in the usage record Monthly Report 2009 01 Username Connection Time Usage Packets In Bytes In Packets Out Bytes Out test 6 mins 30 secs 2429 300 9E 111 323 5K Total 1 First Prev Next Last gt Username Username of the local user account gt Connection Time Usage The total time used by the user gt Pkts In Pkts Out The total number of packets received and sent by the user gt Bytes In Bytes Out The total number o
72. C IP list Change the account name accordingly if the name is not identifiable in the record Note Only 31 characters are allowed for the combination of Session Type plus Username bir The destination Pakress ofthe user s computer or devies 183 IAC3000 User s Manual gt An example of session log data is shown as below 27 Jan 12 35 05 2009 New juser1 local TCP MAC 00 09 6b cd 83 8c SIP 10 1 1 37 SPort 1626 DIP 203 125 164 132 DPort 80 27 Jan 12 35 05 2009 Newjuser1 local TCP MAC 00 09 6b cd 83 8c SIP 10 1 1 37 SPort 1627 DIP 203 125 164 132 DPort 80 27 Jan 12 35 06 2009 New user1 local TCP MAC 00 09 6b cd 83 8c SIP 10 1 1 37 SPort 1628 DIP 203 125 164 142 DPort 80 27 Jan 12 35 06 2009 New juser1 local TCP MAC 00 09 6b cd 83 8c SIP 10 1 1 37 SPort 1629 DIP 203 125 164 142 DPort 80 27 Jan 12 35 07 2009 NewJuser1 WMlocal TCP MAC 00 09 6b cd 83 8c SIP 10 1 1 37 SPort 1630 DIP 67 18 163 154 DPort 80 27 Jan 12 35 09 2009 New juser1 local TCP MAC 00 09 6b cd 83 8c SIP 10 1 1 37 SPort 1631 DIP 202 43 195 52 DPort 80 27 Jan 12 35 10 2009 New juser1 local TCP MAC 00 09 6b cd 83 8c SIP 10 1 1 37 SPort 1632 DIP 203 84 196 242 DPort 80 184 IAC3000 User s Manual Appendix F Network Configuration on PC amp User Login Network Configuration on PC After AC3000 is installed the following configurations must be set up on the PC Internet Connection Setup and TCP IP Network Setup e Internet Connection Setup Win
73. Group Option column to enter the Group Configuration tab where zone permission and policy assignment can be further configured refer to Section 4 2 3 Group Configuration Group Permission for this Service Zone Default Policy in this Service Zone Edit System Policies Email Message for Login Reminding Enable Edit Mail Message Joh Disable T Group Permission Service Zone Default Group Option Enabled Policy Edit Group Option Group 1 Group 1 Group 2 Group 2 Group 3 Group 3 Group 4 Group 4 Group 5 Group 5 Group 6 Group 6 Group 7 Group 7 Group 8 Group 8 gt Default Policy in this Service Zone For each Service Zone one policy can be applied to enforce the access control over the users Please refer to 4 2 4 Policy Configuration tor complete description gt Email Message for Login Reminding When enabled the system will automatically send an email to users if they attempt to send receive their emails using POP3 email program for example Microsoft Outlook before they are authenticated Click Edit Mail Message to edit the message in HTML format 4 Service Zone Settings Wireless Settings Wireless Settings Set SSID Authentication Access Point Security L Enable 802 1X Authentication gt Set SSID Each service zone can be mapped with its own SSID gt Access Point Security For each service zone administrators can set up the wireless security profile including Authentication and Encryption 5
74. IP Address PPPoE Client WAN Port e None The WANZ2 Port is disabled e Static IP Address Manually specifying the IP address of the WAN port The red asterisks indicate required fields to be filled in WAN2 Configuration Mone ei Static IP Address IF Address Subnet Mask WAN Port Default Gateway Preferred DNS Server Alternate DANS Server O Dynamic IP Address PPPoE Client IP Address the IP address of the WANZ2 port Subnet Mask the subnet mask of the network WAN2 port connects to Default Gateway a gateway of the network WANZ2 port connects to Preferred DNS Server The primary DNS server is used by the system Alternate DNS Server The substitute DNS server is used by the system This is an optional field e Dynamic IP Address It is only applicable for the network environment where a DHCP server is available Click the Renew button to get an IP address WAN2 Configuration None Static IP Address O Dynamic IP Address PPPoE Client WAN Port 29 IAC3000 User Manual PPPoE Client When selecting PPPoE to connect to the network please set the UserName and Password There is a Dial on demand function under PPPoE If this function is enabled Maximum Idle Time can be set When the idle time is reached the system will automatically disconnect itself WAN2 Configuration Mone Static IP Address O Dynamic IP Address 2 PPPoE Client Username MTU 149
75. Interface Select Factory Default in the section of Admin Setting Recommended If using the certain range of IP address type the address in Manual selection Then start scanning the new APs in the specific range of IP addresses by clicking Scan Now bution 98 IAC3000 User s Manual AP Discovery AP Type NP725 Interface Factory Default Admin Settings Used IP gt ala to Discover Login ID admin Password admin Manual Scan Now After scanning new APs will be listed in the Discovered AP List Click the desired names of Service Zone for Tag based mode Add the selected AP to the list by checking the AP and clicking Add button Discovered AP List IP Address AP Hame Template po AP Type Service Zone Add MAC Address Password Channel o 192 169 25 1 admin TEMPLAT BETI NP725 Employee OO 60 6427 10 12 admin auto e Guest o Tag Based mode In Tag based mode the name of service zone has been selected in the Interface such as Guest or SZ1 Select Factory Default in the section of Admin Setting Recommended Then start scanning the new APs in the IP address by clicking Scan Now button AP Discovery AP Type NP725 Interface Factory Default Admin Settings Used IP PES a 68 25 1 to cer Login ID admin Password admin Manual Scan Now After scanning new APs will be listed in the Discovered AP List Click the desired names of Service Zone for tag based mode Add the selected AP to the list
76. Invoice Number Hotspotrk ooo0o004 x P Change the Number Description Item Name Internet Access z Title for Message to Seller Special Note to Seller z 2 4 Send an email receipt for each transaction to the merchant A copy of email receipt with payment details including available message note from buyer for each successful transaction will also be automatically sent to the merchant owner administrator via PayPal 3 Reporting During normal operation the following steps will be necessary to generate transaction reports 3 1 Transaction activity during a period 1 Please log in PayPal gt gt Click History gt gt Choose activity type from the Show field as the search criteria gt gt Specify the dates From and To fields for the period gt gt Click Search 158 IAC3000 User s Manual Overview Add Funds Withdraw Resolution Center Profile History wiew up to three months of monthly account statements lew this Search O wine From y Month Day Year DC Y Y Month Day Year 3 2 Search for the transaction details for a specific customer Please log in PayPal gt gt Click History gt gt Click Advanced Search gt gt Enter the name for a specific customer as criteria in the Search For field and Choose Last Name or First Name in the In field gt gt Specify the time period gt gt Click Submit gt gt Click Details to view the transaction details Overview Add Funds Withdraw Resolution Center Profile
77. MeN l IAC3000 Internet Access Controller WWW NEtComIin COm aqu User Guide IAC3000 User Guide www netcomm com au Table of Contents Chapter E Before VOTE A AA 1 1 1 PU OSS cre l 12 Document COn ven Orasa cab toids paa l Chapter 2 System OVeIViLCW A iii ia R EEES aae 2 A tod CHAR ALAS a cia teat loo dado 2 22 SYSTEM CONC iS 2 ZE Capacity and Perroni iio 3 Chapter 3 Base Installation nana bin 4 3 1 Carla O a e e dl 4 Fall System RC QUI CIMCIUS so bancada 4 O A A E 4 SS Panel Funcion Descriptions acid ia 5 JAA Tstalaton EPS ia 6 3 2 SOR WateC ONMSULAUION sci tees ceteats eas Cinta Oe Ueessine eileen Cake Onteenn 7 7 Quick OM MGULALION acca ieee tet Seas eda sd atest wie ee sae E E E mdseh ucts 7 B22 Usero m Ponal PIE dad td al ORT 18 Chapter 4 Veb Interjace Con UFO AA AAA a 22 4 1 Diy SECM CONI UTA ON a a A a A N 29 Aled Connorin Wizarde aa a a a E 24 AZ SNS INN Oa orcas 25 AND WANT CONSTA A a a E tecseacenee 27 AtA WAN 2 CONSTA OB td ana E N NT R E N A A 29 AtS WAN MaMe Setin Si toi 31 LLG ALAN POLL Mapping ala 33 AL SVIC LO ia dE SA AA SE idos 36 4 2 User Atenco 43 42 Authentication Confieurat OM seerne nee E adie E Ar AERES EREA A PETE EENES 44 4 2 1 1 A OS 46 4 2 1 2 POP la idos 51 4 2 1 3 NADO Sat taa E E td ate 52 4 2 1 4 A O 55 4 2 1 5 NT DOMA M eree A 0 TI E O EE antacid 57 4 2 1 6 ONDEMA ND ses mat A A dt 59 4 2 1 7 A RR 73 A As ocsarahacnete a a Milena t
78. N 207 IAC3000 User s Manual General Support General Authentication Advanced Conector Internet Connection Firewall Status Connected _ Protect my computer and network by limiting or preventing 5 days 04 59 39 access to this computer from the Internet Duration Speed 100 0 Mbps Learn more about Internet Connection Firewall Internet Connection Sharing Allow other network users to connect through this Activity computer s Internet connection Received Packets 176578 Learn more about Internet Connection Sharing 2 IM Cancel Suggestion Please TURN OFF Internet Connection Firewall feature or upgrade the Windows OS into Windows XP SP2 4 ICMP and Active Mode FTP On Windows XP SP2 that is without patch KB889527 ICMP packets will be dropped from IPSec tunnel This issue can be fixed by upgrading patch KB889527 Before enabling IPSec VPN function on client device please access the patch from Microsofts web at http support microsoft com default aspx scid kb en us 889527 This patch also fixes issues of supporting active mode FTP inside IPSec VPN tunnel of Windows XP SP2 Suggestion Please UPDATE client s Windows XP SP2 with patch KB889527 5 The Termination of ActiveX The ActiveX component for IPSec VPN is running parallel with the Login Success web page Unless user decides to close the session and to disconnect with the system the following conditions or behaviors of use
79. N5 Additional Configuration E Enable Local VPN Remark z Note Local VPN in IAC3000 is an additional secure login VPN feature for IAC3000 local users subscribers The software design for Local VPN in I AC3000 is tightly coupled with Active X which is supported by Windows platform Internet Explorer where Active X program is supported Remote VPN When the setting is enabled the system allows the VPN tunnel between a remote client and the system to encrypt the data transmission via PPTP The system s VPN supports end users device under Windows 2000 Windows XP SP1 SP2 and Windows Vista Start IP field must be entered when enabled The supported Authentication Servers Group Permission Client Policy and the Remote VPN login page also can be configured here The system supports up to 10 PPTP connections Remote VPN for the Entire System Remote VPN Status Enable Disable IP Address Ra fe a Start IP Address 192 166 6 1 Support up to 10 connections SIP Configuration Enable C WAN Interface WAN Auth Option Auth Database Postfix Default Enabled server 1 LOCAL local Authentication a eT Mi Options Server 2 POP3 pop3 D Server 3 RADIUS radius O Server d LDAP Idap O Group Permission Configuration ta Applied Policy to Remote Client da Remote VPN Login Page Site to Site VPN Enable Site to Site VPN can create the IPSec VPN tunnel between two remote network
80. On demand User Log Date Size Byte 2009 01 23 790 Roaming Out Traffic History Date Size Byte 2009 01 23 106 Roaming In Traffic History Date Size Byte 2009 01 23 112 SIP Call Usage Log Date Call Count 2009 01 23 0 Monthly Network Usage of Local User Month No of Entries Usage Data 2009 01 1 Download 2008 12 1 Download 00 Caution Since the history is saved in the DRAM if you need to restart the system and also keep the history please manually copy and save the information before restarting 135 IAC3000 User s Manual lf the History Email has been entered under the Notification Configuration page the system will automatically send out the history information to that email address e Traffic History As shown in the following figure each line is a traffic history record consisting of 9 fields Date Type Name IP MAC Pkts In Bytes In Pkts Out and Bytes Out of user activities Traffic History 2009 01 23 Pkts Bytes Pkts Bytes Date Tvpe Name IP MAC om yp In n Out Out cate LOGIN testlocal192 168 30 8000 0D 60 77 BC FEO 0 0 0 2009 01 23 Idle test local192 168 30 9000 0D 60 77 BC FB441 307410 450 93440 14 14 56 timeout A LOGIN test local192 168 30 8000 0D 60 77 BC FBO 0 0 0 ee LOGOUT test locali19 168 30 8000 0D 60 77 BC FB1988 615144 1661 237799 e On demand User Log As shown in the following figure each line is a on demand user log record consisting of 13 fields Date System Name Type Nam
81. P725 Interface Factory Default Manual Admin Settings Used IP Address 1192 168 25 1 192 1 68 25 100 to Discover Login ID admin Password jad Status Enable Disable The Interface and AP Access configuration is the same as the settings mentioned above When Background AP Discovery function is enabled the system will scan once every 10 minutes or according to the time set by the administrator If any AP is discovered and Auto Add AP is enabled it will be assigned an available IP from the starting IP address and apply the selected template You can also set the channel the AP would use Caution The scanning process may take a long time if the IP range assigned to scan is too wide 97 IAC3000 User s Manual e Discovered AP List The discovered new APs will be listed here When the system s Service Zone is set to Tag based mode service zones also can be assigned here After clicking Add the current management page is directed to AP List where the newly added APs will show up with a status of configuring It may take a couple of minutes to see the status of the newly added AP to change from configuring to online or offline Discovered AP List IP Address AP Name Template AP Type Service Zone MAC Address Password Channel AP Type This is the supported type of APs for centralized management IP Address IP address of the specified AP MAC Address MAC address of t
82. Packets In Bytes In Packets Out Bytes Cut Expiretime Walic 2009 01 22 12 47 42 NetComm TAC3000 Create_OD_ User pa33 0 0 0 0 00 00 00 00 00 00 0 o o 0 2009 2009 01 22 12 61 29 NetComm TAC3000 OD User_Login pa33 192 168 30 80 00 00 60 77 BC FB O 0 2009 01 22 13 11 32 NetComm IAC30D0 OD User Logout pa33 192 168 50 80 00 00 60 77 BC FB 58 15561 TO 12784 e Management IP Address List In the page of Management IP Address List the administrator can grant the access of the web management interface by specifying a list specific IP addresses or ranges of IP addresses no matter the access is from WAN or LAN e SNMP If the function is enabled the Manager IP and the community can be assigned to access the management information base MIB of the system User Logon SSL Enable to activate https encryption or disable to activate http non encryption login page e Time IAC3000 supports NTP Network Time Protocol communication protocol to synchronize the network time Please specify the IP address of a NTP server to adjust the time automatically Universal Time is Greenwich Mean Time GMT The time can also be set manually by selecting Set Device Date and Time and then entering the date and time in these fields Device Time 2009 01 22 14 22 48 Time Zone GMT 10 00 Canberra Melbourne Sydney NTP Enable NTP Server 4 ntp1 cs mu OZ AU e g tock usno navy mil NTP Server 3 clock cuhk edu hk Time NTP
83. Page gt gt Uploaded Page Choose Uploaded Page and upload a login page Login Page Selection for Users Service Zone Default Default Page O Template Page Uploaded Page External Page Uploaded Page Setting Submit Existing Image Files Total Capacity 512 K Now Used iD E Upload Image Files UpioadImages S Submit Preview 212 IAC3000 User s Manual IAC3000 User s Manual The user defined login page must include the following HTML codes to provide the necessary fields for user name and password lt form action us erlogin shtml method post name E nter lt input type text name myus ername lt input type password name mypassword lt input type submit name submit value Enter gt lt input type reset name clear value Clear gt lt form And if the user defined login page includes an image file the image file path in the HTML code must be the image file to be uploaded Remote VPN lt img src images xx jpg gt Default Service Zone lt img src images0 xx jpg gt Service Zone 1 lt img src images1 xx jpg gt Service Zone 2 lt img src images2 xx jpg gt Service Zone 3 lt img src images3 xx jpg gt Service Zone 4 lt img src images4 xx jpg gt Click the Browse button to select the file to upload Then click Submitto complete the upload process Next enter or browse the filename of the images to upload in th
84. Radius Client Configuration ho om eno soztx rezaba 255 255 255 254 131 M Click the hyperlink RADIUS Client Listto enter the Radius Client Configuration interface Choose the desired type Disable Roaming Out or 802 1X and key in the 802 1X client s IP address and network mask and then click Apply to complete the settings gt 802 1X Authentication When 802 1X Authentication is enabled the Local authentication database will be used as a RADIUS database for connection with 802 1x enabled devices such as APs or switches gt Roaming Out The system s local user database can also be an external RADIUS database to another system When Account Roaming Out is enabled local users can login from other domains with their original local user accounts The authentication database with their original local user accounts acts as a RADIUS Server and roaming out local users act as RADIUS clients 50 4 2 1 2 IAC3000 User Manual POP3 The system supports authentication by an external POPS authentication server The system is capable of supporting two POP3 servers primary and secondary for fault tolerance When POP3 Authentication Database is enabled at least one external POP3 server must be activated The Local VPN function can be enabled for the clients authenticated by POPS authentication method Authentication Server Server 2 Black List Mone t Authentication Method POPS Ww POPS Setting Enable Local VPN
85. SHA 1 Key Life Time24n second m minute hhour didai Enable Rekey RekeyMargingm second V Enable PFS PFS GroupMODP1024 Click NEW to enter the screen of Remote VPN Gateway Name IP Address Authentication Method Pre shared Key Phase Proposal Diffie Hellman Group IKE Life Time Dead Peer Detection Remote VPN Gateway Pre shared key Encryption AES256 Authentication 5HA 1 Ol Group 1 Ol Group 2 Cl Groups IKE Lite Time Br s second m minute A hour d day DPD Delay 10 recono DPD Timeout 18 second Remote Subnet Ho Network Wask 1 OoOo 255 255 255 255 132 Y gt id 3 fs 255 255 255 255 192 4 255 255 255 255 192 5 po 255 255 255 255 192 120 IAC3000 User s Manual IAC3000 User s Manual 4 5 Utilities This section provides four utilities to customize and maintain the system including Change Password Backup Restore Settings Firmware Upgrade Restart and Network Utilities 60 Logout NEL IAC3000 Internet Access Controller ORLE MAM OLCOTT OOT all System We User E AP Wi Network We wa Status Configuration Authentication Management Configuration MA ko e n a E N re ai 3 Utilities Utilities Change Password Change the administration password Backup Restore Backup and restore system settings Administrator may also reset Settings system settings to factory default F
86. Select Authorize Net External Payment Gateway Authorize Net PayPal Disable Authorize Net Payment Page Configuration Merchant Transaction Key f Payment Gateway URL Verify SSL Certificate Enable Disable Test Mode O Enable Disable Try Test MDS Hash Enable Disable 144 IAC3000 User s Manual Some major fields are required O Setting 3 Description 2 O Merchant Login ID This is the Login ID that comes with the Authorize Net account To get a new key please log in Authorize Net gt gt Click Settings and Profile gt gt Go to the Security section gt gt Click Obtain Transaction Key gt gt Enter Secret Answer gt gt Click Submit Payment Gateway URL https secure authorize net gateway transact dll default gateway address To enhance the transaction security merchant owner can choose to enable this function and enter a value in the text box MD5 Hash Value Note For detailed description please see 4 2 1 6 ONDEMAND Authentication 1 3 Configure the Authorize Net Merchant Account to Match the Configuration of AC3000 Merchant Transaction Key Settings of the merchant account on Authorize Net should be matched with the configuration of IAC3000 Setting Ci ecription S O To configure MD5 Hash Value please log in Authorize Net gt gt Click Settings and Profile gt gt Go to the Security section gt gt Click MD5 Hash gt
87. Select Service Zone Mode Port Based Tag Based WAN Configuration WAN Configuration In tag based mode every port maps to every Service Zone WAN Traffic Settings LAN Port Mapping Service ones LANS LANE LAN LANE i LAN LAN2 LAN3 LANA Service Zone Port Role Setting Select Service Zone Mode Port Based Tag Based In tag based mode every port maps to every Service Zone LANS LANG LAN LANE LANA LAN2 LANS LAN4 172 Step 2 Configure Service Zone 1 for Guest Select the Service Zones tab and click Configure of SZ1 i User we AP Network Authentication AS Management Configuration 4 A q lt Service Zone Settings Configuration Wizard z Service Zone Settings NetCom LAN Port Mapping Netcom Employee 2 m_lACS None Policy 1 Server 1 C Service Zones alain Netcom ofS 3 m_lAC3 None Policy 1 server 1 Step 3 Configure Basic Settings for SZ1 Check the Enable radio button of Service Zone Status to activate SZ1 Enter a name for SZ1 e g Guest in the Service Zone Name field Enter a VLAN tag for SZ1 e g 1111 in the VLAN Tag field Basic Settings Service Zone Status Enable Disable Service Zone Name VLAN Tag 1111 range 1 4094 Operation Mode NAT Router Network Settings IP Address 19
88. Service Zones will be distinguished by VLAN tagging instead of by physical LAN ports Select Tag Based and then click Apply to activate the Tag Based VLAN function When a restart message screen appears do NOT restart the system until you have completed the configuration under the Service Zones tab first Service Zone Port Role Setting Select Service Zone Mode Port Based Tag Based Intag based mode every port maps to every Service Zone LAMS LANE LAN LAMS Note For more information on enabling and configuring Service Zones please refer to Appendix C Service Zone Deployment Example 35 IAC3000 User Manual 4 1 7 Service Zones A Service Zone is a logical network area to cover certain wired and wireless networks in an organization such as SMB or branch offices Service Zones can be set up as port based or tag based For example using a tag based method to deploy Service Zones by associating a unique VLAN Tag and SSID with each Service Zone administrators can separate one physical network into different logical zones Users attempting to access the resources within a particular Service Zone will be controlled based on the group they belong to and the group s associated policy profile such as authentication methods security features wireless encryption methods traffic control and etc There are up to eight Service Zones plus one default zone to be utilized by default they are named as Default Z1 SZ8 as s
89. US authentication do NOT support multiple login User Control Session Timeout Roaming Cut Timer Idle Timeout Interim Update 5 sRange 4 120 Upload File Certificate Enable Disable Enable Disable Enhance User Permit MAC Address Listicontrol listto manage which client devices are allowed to Authentication access the login page Credit Reminder User Control Functions under this section apply to all general users Idle Timer If a user has idled with no network activities the system will automatically kick out the user The logout timer can be set between 1 1440 minutes and the default logout time is 10 minutes Multiple Login When enabled a user can log in from different computers with the same account This function doesn t support On demand users and RADIUS authentication Roaming Out Timer Session Timeout The time that the user can access the network while roaming When the time is up the user will be kicked out automatically Idle Timeout If a user has idled with no network activities the system will automatically kick out the user Interim Update The system will update the users current status and usage according to this time period Upload File SSL Certificate A data record used for authenticating network entities such as a server or a client A certificate contains X 509 information pieces about its owner called the subject and the signing Certificate Authority called the iss
90. Upload Logout Success Page Existing Image Files Total Capacity 512 K Now Used 0 K Upload Image Files Preview Custom Pages gt gt Logout Success Page gt gt External Page Choose the External Page selection and get the logout success page from the specific website Enter the website address in the External Page Setting field and then click Apply After applying the setting the new logout Success page can be previewed by clicking Preview button at the bottom of this page Logout Success Page Selection for Users Service Zone Default Default Page Template Page Uploaded Page External Page External Page Setting External URL http 219 IAC3000 User s Manual Legal amp Regulatory Information This manual is copyright Apart from any fair dealing for the purposes of private study research criticism or review as permitted under the Copyright Act no part may be reproduced stored in a retrieval system or transmitted in any form by any means be it electronic mechanical recording or otherwise without the prior written permission of NetComm Limited NetComm Limited accepts no liability or responsibility for consequences arising from the use of this product NetComm Limited reserves the right to change the specifications and operating details of this product without notice NetComm is a registered trademark of NetComm Limited All other trademarks are acknowledged the property of their respective owners
91. Zone Port Role Setting Select Service Zone Mode Port Based O Tag Based Choice Of Port Role LAMS LANG LAN LANS ar LAM LAN LANG LAN 4 Note The switches deployed under IAC3000 in Port Based mode must be Layer 2 switches only The switch deployed under IAC3000 in Tag Based mode must be a VLAN switch only gt Port Based When Port Based mode is selected traffic from different virtual Service Zones will be distinguished by physical LAN ports Each LAN port can be mapped to a Service Zone in the form of a many to one mapping between ports and Service Zones o Specify a desired Service Zone for each LAN Port For each LAN port select a Service Zone to which the LAN port is to be mapped from the drop down list box By factory default all LAN ports are mapped to Default Service Zone therefore the administrator can enter the web management interface via any LAN port upon the first power up of the system From the drop down list box all disabled Service Zones are gray out to activate any desired Service Zone please configure the desired Service Zone under the Service Zone tab and enable its Service Zone Status refer to Section 4 1 7 Service Zones 34 IAC3000 User Manual Service Zone Port Role Setting Select Service Zone Mode Port Based OTa g Based Choice Of Port Role LANS LANG LAN LANES LAN LANZ LANS LAN4 gt Tag Based When the Tag Based mode is selected traffic from different virtual
92. a a ds Pan aeadotenenenseaeehanlstedeicuee 140 Appendix A Accepting Payment via Authorize Net ccccccoooooooecccccccocccc0cooeeoeooocoocceeeocccceccocscccsscsesssssssssssssso 142 Appendix B Accepting Payment via Paura once 153 Appendix C Appendix D Appendix E Appendix F Appendix G Appendix H Appendix I Appendix J Service Zone Deployment Example scssiecsssisssesasivncecsccessesstaasedasacewtacadevesdcdsceetesstavessaseccebacsdeneosetoceus 164 TONY SC O i ea E O 177 session Limit and Session LO siessen ae a a 183 Network Configuration on PC User LOgin isssccrssssscccccccccccccccsssssssssssscsccscccccccccccccccccssssssssscssssees 185 Console ITnierJ ACE iii EE E 201 Local VEN E O A O 205 Customizable PACES coon a a aa a icons 211 Legal amp Regulatory Informati n sind ini ARI TRA AEREAS Ea ESES Eis 211 IAC3000 User Manual Chapter 1 Before You Start 1 1 Purpose This manual is intended for the system or network administrators with the networking knowledge to complete the step by step instructions of this manual in order to use the AC3000 for a better management of their network system and user data 1 2 Document Convention For any caution or warning that requires special attention of readers a highlight box with italic font is used as below Warning For security purposes you should immediately change the Administrator s password Indicates that clicking this button will return to the hom
93. aatahaoheenees 74 A rop Con oura O ea a a dais et a hoentie staan a a T 76 424 Poley CONSULTA ON A A E E eaekeiaks 80 4 2 4 1 GTO DINO at E TE E T E E ETA 80 4 2 4 2 Er Gal BEN A EE nO E E E A eT E E E A A A S ee E A E EN 83 ADS Adho onn a Oae ell alias 87 4 3 SN E cs ouanaanaencceocchs tae A 90 Ao a ASEeacaucsn succes O 91 Bade ANP DISCOV A A O deeeeeey sete 96 NI outgupindeasoonveaneehaagwieens 100 Aime A SA A 101 AO Ware Managemen aon did 102 A APUPA E E E 103 as Je WDS Manageme Niao tata isa 104 4 4 Network COn tidad 105 AAA Network Address Transito ienien y EATE L TOTOO 106 IN A Ut aS Dire eet E E ies ET E N E E E 108 BAS Montor IP EG Gorenn E EE E E iii 110 4 4 4 Walled Garden List Walled Garden Ad List ooooommmmmmmmmmmmmmnnccnccnnnnonnronconnnnnnnronnnnnnnnnnnnnnnonenicnnnss 111 o Proxy Ser Ver PhOPe hic A O ndow a dns aht cdanen E a Ea 114 AAG Dama DNS A A a 115 Bi TP O A A E E 116 BAO WEN CONSUMO A SA A ee es teca ce caehyent 117 4 5 A A IRTEa AEE 121 45l A A A wwep dae E 122 432 A A O E EE 123 A PWA Pd llanas 124 BR GING SLANT E o O ORO O 125 AO VINCUWOR UINE atada aa 126 4 6 Sea EU E AAEE E E E A AE snare E E EE EE EE E ect estes aus A ec thn E anew ay A E 127 Aol SS E O E aude ee E E 128 AZ IEC AUS EA E A O E EEA 130 AOS Roua Vid BC AA E ex ee A io eb 132 AOA CUNAC USCIS cnica iii pi iii 134 4o A O E a a 135 406 Noicaom Conon Oeren ore e T e tds 138 4 7 Heler a a
94. address Then click OK 5 2 Click Advanced to enter the Advanced TCP IP Settings window 196 5 3 Click on the IP Settings tab and click Add below the Default gateways column and the TCP IP Gateway Address window will appear 5 4 Enter the gateway address of I AC3000 in the Gateway field and then click Add After back to the IP Settings tab click OK to finish the configuration IAC3000 User s Manual Advanced ICP IP Settings IP Settings ONS WINS Options IF addresses IF address Subnet mask DHCP Enabled Automatic metric Interface metric TCP IP Gateway Address EE 197 Automatic metric IAC3000 User s Manual An Example of User Login Normally users will be authenticated before they obtain network access through IAC3000 This section presents the basic authentication flow for end users Please make sure that the AC3000 was configured properly and network related settings were made 1 Open an Internet browser and try to connect to any website in this example we try to connect to www google com a For the first time if the IAC3000 is not using a trusted SSL certificate for more information please see 4 2 5 Additional Configuration there will be a Certificate Error because the browser treats AC3000 as an illegal website 7 Certificate Error Navigation Blocked Windows Internet Explorer EY IG http www google com File Edit Vi
95. aintenance issues we strongly recommend you backup system settings before upgrading firmware Warning 1 Firmware upgrade may cause the loss of some of the data Please refer to the release notes for the limitation before upgrading the firmware 2 Please restart the system after upgrading the firmware Do not power on off the system during the upgrade or the restart process lt may damage the system and cause malfunction 124 IAC3000 User s Manual 4 5 4 Restart This function allows the administrator to safely restart AC3000 and the process should take about 100 seconds Click YES to restart IAC3000 click NO to go back to the previous screen If turning off the power is necessary it is recommended to restart AC3000 first and then turn off the power after completing the restart process Do you want to RESTART the system A Caution The connection of all online users of the system will be disconnected when system is in the process of restarting 125 IAC3000 User s Manual 4 5 5 Network Utilities This function allows the administrators to manage functions including Wake on LAN Ping Trace Route and showing ARP Table by entering IP or Domain Name Network Utilities Wake On Lan Larra Ping www yahoo com ienomsin Names Trace Route A e Domain Mame ARP Table Status Done PING www wyahoo ht3 akadns net 209 131 36 158 56 84 bytes of 64 bytes from HA wwwwip sp1 yahoo com 209 13
96. ak gt Ga Que Gris Guo x E Dial up Connections Address ae a Date Time Display Folder Options Fonts a a a A Pal n PN Control Panel Py E 9 Game Intermet Keyboard Mouse Controllers Options Network and Dial up Connections Connects to other computers networks and the Internet Windows Update A IPhone and Power Options Printers Windows 2000 Support nee Modern Connections Regional Scanners and Scheduled Sounds and Options Cameras Tasks Multimedia System Users and VMware Tools x Connects to other computers networks and the Internet a My Computer Y 192 2 Right click on the Local Area Connection icon and select Properties 3 Select Internet Protocol TCP IP and then click Properties Now you can choose to use DHCP or a specific IP address 4 Using DHCP If you want to use DHCP choose Obtain an IP address automatically and then click OK This is also the default setting of Windows Then reboot the PC to make sure an IP address is obtained from IAC3000 193 IAC3000 User s Manual File Edit View Favorites Tools Advanced Help E Back E A Search Ly Folders Shistory az E X A Ed Address a Network and Dial up Connections gt 2 Go Connection Network and Dial up Connections Disable Status Local Area Connection PA Type LAN Connecti
97. and a phone ae s poUr rISP For a broadband account you won t need a phone number O Use the CD got from an ISP eae J _ nen 6 Choose Connect using a broadband New Connection Wizard connection that is always on and then click Internet Connection How do vou want to connect to the Internet Next O Connect using a dial up modem This type of connection uses a modem and a regular or ISON phone line O Connect using a broadband connection that requires a user name and password This is a high speed connection using ether a OSL or cable modem our SP may refer to this type of connection as PPPoE CO lb is a active and Pernt require you ie sign In Ta Cf nea 7 Finally click Finish to exit the Connection New Connection Wizard Wizard Now the setup is completed Completing the New Connection Wizard our broadband connection should already be configured and ready to use IF your connection is not working properly click the following link Learn more about broadband connections To close this wizard click Finish MOTA AT 189 TCP IP Network Setup IAC3000 User s Manual If the operating system of the PC in use is Windows 95 98 ME 2000 XP keep the default settings without any changes to directly start restart the system With the factory default settings during the process of starting the system lAC3000 with DHCP function will automatically assign an appropriate IP a
98. ange 1 99 by default it is 50 gt Base The weight ratio between WAN1 and WAN2 can be based on Sessions Packets or Bytes Packets and Bytes are based on historic data New connection sessions will be distributed between WAN1 and WAN2 by a weight ratio using random number Enable WAN Failover Normally a Service Zone uses WAN1 as it primary WAN interface When enabled and WANZ2 is available WAN1 s traffic will be routed to WAN2 when WAN1 connection is down On the other hand a Service Zone s policy could also use WAN2 as its interface in that case if WAN2 is down the WAN2 s traffic under its policy will also be routed to WAN1 gt Fall back to WAN1 when WANT is available again If WAN Failover is enabled the traffic will be routed to WAN2 automatically when WAN1 connection fails When fall back to WANT is enabled the routed traffic will be connected back to WAN1 when WAN1 connection is recovered 31 IAC3000 User Manual e Warning of Internet Disconnection When enabled there is a text box available for the administrator to enter a reminding message This reminding message will appear on clients screens when Internet connection is down An example of the reminding message can be Sorry The service is temporarily unavailable Note SIP authentication is exempt from Load Balancing and WAN Failover A fixed WAN port is used for SIP traffic 32 IAC3000 User Manual 4 1 6 LAN Port Mapping IAC3000 supports mu
99. ar Please enter the new username and password obtained and click Enter button The total available time or data size will be shown up after adding credit Redeem Page Welcome To Redeem Page Please Enter Your User Name and Password To Sign In Gj User Name El Password RARRRARARRARRAR ORAR AAA ORO RO ARA RRA RARO RARA NAAA bai 21 IAC3000 User Manual Chapter 4 Web Interface Configuration This chapter will guide you through further detailed settings The following table is the UI and functions of the IAC3000 Configuration Authentication Management Configuration Network AP List Address Translation Configuration Authentication Wizard Configuration Change System Password Status System Black List bat Backup Restore Interface Configuration Configuration Configuration Upgrade Table Walled Garden WAN2 Policy Template List Restart Current FUNCTION Configuration Configuration Settings Walled Garden Users Ad List WAN Traffic Additional Firmware Proxy Server Settings Configuration Management Properties Utilities History LAN Port Notification WDS oi o Configuration Caution After finishing the configuration of the settings please click Apply and pay attention to see if a restart message appears on the screen If such message appears system must be restarted to allow the settings to take effect All on line users will be disconnected during restart 22 4 1 System Configu
100. ation First Name The first name of a customer associated with the billing or shipping address of a transaction In the case when John Doe places an order enter John in the First Name field indicating this customer s name Last Name The last name of a customer associated with the billing or shipping address of a transaction In the case when John Doe places an order enter Doe in the Last Name field indicating this customer s name Company The name of the company associated with the billing or shipping information entered on a given transaction Address The address entered either in the billing or shipping information of a given transaction City The city is associated with either the billing address or shipping address of a transaction State A state is associated with both the billing and shipping address of a transaction This may be entered as either a two character abbreviation or the full text name of the state Zip The ZIP code represents the five or nine digit postal code associated with the billing or shipping address of a transaction This may be entered as five digits nine digits or five digits and four digits Country The country is associated with both the billing and shipping address of a transaction This may be entered as either an abbreviation or full value Phone A phone number is associated with both a billing and shipping address of a transaction Phone number information may be entered as all number or i
101. ation Settings Authentication Status Enable Disable Auth lease Postfix Default Enabled Server 2 POP3 pop3 O Authentication Options Server 3 RADIUS radius O O Server 4 LDAP Idap O O a ONDEMAND ondemand O SIP NA Lo a Step 8 Configure LAN Port Mapping for SZ2 Select the LAN Port Mapping tab from the System menu to enter the LAN Ports and Service Zone Mapping page Select Employee from the drop down list box of LAN2 Click Apply to save the selection 168 IAC3000 User s Manual Configuration Wizard Service Zone Port Role Setting Select Service Zone Mode Por Based OTag Based System Information WAHT Configuration WAN2 Configuration Choice Of Port Role LANE LAN LAN3 LAN LAN2 WAH Traffic Settings I LAN Port Mapping LANS LANS LAN A warning message You should restart the system to activate the changes will appear at the bottom of the page Click the hyperlink of Restart to restart the system and activate all configurations Service Zone Port Role Setting Select Service Zone Mode Port Based O Tag Based Choice Of Port Role LANS LANG LAN LANE LANA LANZ LANZ LAN4 Step 9 Restart the System A confirmation message of Do you want to restart the system will appear Click Yes to start the restarting process A confirmation dialog box will then pop out Click OK to continue
102. ault certificate and key Click restart to validate the changes You just overwrote the setting with default KEY amp default CA file You should restart the system to activate this Click to restart e Credit Reminder The administrator can enable this function to remind the on demand users before their credit run out There are two kinds of reminder Volume and Time The default reminding trigger level for Volume is 1Mbyte and the level for Time is 5 minutes Volume Enable Disable Mbyte Range 1 10 Default 1 Credit Reminder _ Time Enable Disable minutes Range 1 20 Default 5 88 IAC3000 User s Manual e Enhance User Authentication With this function only the users with their MAC addresses in this list can log into IAC3000 There are 40 users maximum allowed in this MAC address list User authentication is still required for these users Please enter the Permit MAC Address List to fill in these MAC addresses select Enable and then click Apply MAC Address Control Enabled Disabled Item MAC Address Item MAC Address Total 40 First Prev Next Last Caution The format of the MAC address IS XX XX XX XX XX XX OT XX XX XX XX XX XX 89 4 3 AP Management AC3000 User s Manual AC3000 supports to manage up to 12 NP725 access points AP and they can be configured in this section This section includes the following functions AP List AP Discovery Manual Configuration Template
103. ble SecurePay Payment Page Configuration Merchant ID Merchant Password Payment Gateway URL https www Securepay com au xmlapi payment Verify SSL Certificate Enable Disable Currency AUD Australian Dollar 68 gt Secure Pay Payment Page Configuration IAC3000 User Manual Merchant ID This is the Login ID that is associated with the Secure Pay Business Account Merchant Password This is the Merchant Password that is associated with the Secure Pay Business Account Payment Gateway URL This is the default website address to post all transaction data Verify SSL Certificate This is to help protect the system from accessing a website other than Secure Pay Currency It is the currency to be used for the payment transactions Service Disclaimer Content Choose Billing for Payment Page Service Disclaimer Content We may collect and store the following personal information physical contact information credit card numbers and transactional information based on your activities on the Internet service provided by us Choose Billing Plan for SecurePay Payment Page Plan 1 Enable 2 Enable 3 Enable 4 Enable 5 Enable 6 Enable T Enable 8 Enable g Enable 10 Enable gt Service Disclaimer Content Disab Disab Disab Disabil Disab Disab Disab Disab Disab Disab le le le le le le le le le le Quota Price 2 hrs 0 mins 20 View service a
104. by checking the AP and clicking Add button Discovered AP List IP Address AP Hame Template AP Type Service Zone Add MAC Address Password Channel 192 168 251 admin TCMIPLaTCA Catan HPTZ5 Employee 00 60 64 27 10 12 admin ato w ues 99 IAC3000 User s Manual 4 3 3 Manual Configuration The AP also can be added manually even though when it is offline Input the related data of the AP and select a Template After clicking Add the AP will be added to the managed list Manual Configuration AP Type NP725 AP Name Admin Password AP IP 192 168 25 1 AP MAC 00 60 64 14 18 10 Service Zone Default Template TEMPLATE Channel gt AP Type This is the supported type of APs for centralized management gt AP Name Mnemonic name of the specific AP gt Admin Password Password required for this AP gt IP Address IP address of the specified AP gt MAC Address MAC address of the specific AP gt Remark Some extra information to be filled in for this AP if desired gt Service Zone The item is only shown when Tag Based mode is selected in System Configuration gt gt LAN Port Mapping Select the name of Service Zone such as Service Zone 1 Guest or Employee gt Template The template which will be applied to the added AP gt Channel The selected channel will be applied to the added AP 100 IAC3000 User s Manual 4 3 4 Template Settings Template is a model that can be copied to every
105. ce The price charged for this plan Client s Purchasing Record PayPal Payment Page Remark Content Client s Purchasing Record Starting Invoice Number Hotepor 00000001 Change the Number Description tem Name Internet access Title for Message to Seller Special Note to Seller PayPal Payment Page Remark Content A Payment is accepted via PayPal PayPal enables you to send payments securely online using PayPal account a credit card or bank account Clicking on Buy Now button gt Client s Purchasing Record Starting Invoice Number An invoice number may be provided as additional information with a transaction The number will be incremented automatically for each following transaction Click the Change the Number checkbox to change it Description Item Name This is the item information to describe the product for example Internet Access Title for Message to Seller Administrators can edit the header title of the message note used in the PayPal payment page gt PayPal Payment Page Remark Content The message content will be displayed as a special notice to end customers in the page of Rate Plan For example it can describe the cautions for making a payment via PayPal Secure Pay Before setting up Secure Pay it is required that the merchant owners have a valid Secure Pay Business Account External Payment Gateway Authorize Net PayPal SecurePay Disa
106. completing and clicking Apply to save the settings go back to the previous page to select a server to be the default server and enable or disable any server on the list Users can log into the default server without the postfix to allow faster login process Server 1 4 There are 5 authentication methods Local User POP3 RADIUS LDAP and NTDomain to select from Authentication Server Server 1 Server Name Serer 1 Its server name Server Name Set a name for the authentication option by using numbers 0 9 alphabets a z or A Z dash underline _ space and dot only The length of this field is up to 40 characters This name is used for the administrator to identify the authentication options easily such as HQ RADIUS Postfix A postfix is used to inform the system which authentication option to be used for authenticating an account e g bob MelbourneLdap or tim SydneyRadius when multiple options are concurrently in use One of authentication option can be assigned as default For authentication assigned as default the postfix can be omitted For example if MelbourneLdap is the postfix of the default option Bob can login as bob without having to type in bob MelbourneLdap Set a postfix that is easy to distinguish e g Local and the server numbers 0 9 alphabets a z or A Z dash underline _ and dot within a maximum of 40 characters All other characters are not allowed Caution The Poli
107. convenient DNS function to translate a domain name to the IP address of WAN port that helps the administrator memorize and connect to WAN port If the DHCP is activated at WAN port this function will also update the newest IP address regularly to the DNS server These settings will become effective immediately after clicking Apply Dynamic DNS DDNS Enabled Disabled Provider DynDNS org Dynamic Username E mail E Password Key PS e DDNS Enabling or disabling of this function e Provider Select a DNS provider e Host name The IP address domain name of the WAN port e Username E mail The register ID username or e mail for the DNS provider e Password Key The register password for the DNS provider 115 IAC3000 User s Manual 4 4 7 IP Mobility IAC3000 supports IP PNP function IP Mobility IP PNP O Enable Disable At the user end a static IP address can be used to connect to the system Regardless of what the IP address at the user end is authentication can still be performed through I AC3000 116 IAC3000 User s Manual 4 4 8 VPN Configuration Virtual Private Network or VPN a type of technology designed to increase the security of information transferred over the Internet VPN can work with either wired or wireless networks as well as with dial up connections over POTS VPN creates a private encrypted tunnel from the end user s computer through the local wireless network through the Int
108. ctivate it o Destination IP Address The destination network address or IP address of the destination host Please note that if applicable the system will calculate and display the appropriate value based on the combination of Network IP Address and Subnet Mask that are just entered and applied o Destination Subnet Netmask The subnet mask of the destination network Select 255 255 255 255 32 if the destination is a single host o Gateway IP Address The IP address of the gateway or next router to the destination gt Schedule Profile Click Setting of Schedule Profile to enter the configuration page Select Enable to show the Permitted Login Hours list This function is used to limit the time when clients can log in Check the desired time slots and click Apply to save the settings These settings will become effective immediately after clicking Apply Enabled Disabled Policy 1 Login Schedule Frofile HOUR SUN MON TUE WED THU FRI SAT 00 00 00 59 01 00 01 59 02 00 02 59 03 00 03 59 gt Maximum Concurrent Session for User Include Maximum Concurrent Session for User from 10 to Unlimited The concurrent sessions for each user it can be restricted by administrator Note For more information please refer to Appendix E Session Limit and Session Log 86 IAC3000 User s Manual 4 2 5 Additional Configuration Additional Configuration idle Timer 100 Range 1 1440 Multiple Login E On demand and RADI
109. cy Name cannot contain these words MAC and IP Black List There are 5 sets of black lists provided by the system A user account listed in the black list is not allowed to log into the system the client s access will be denied The administrator may select one black list from the drop down menu and this black list will be applied to this specific authentication option Group Select one Group from the drop down list box for this specific authentication option Authentication Method Select Local from the drop down list box and then click Local User Setting button to enter the Local User Settings Then click the hyperlink of Edit Local User List Caution Enabling two or more servers of the same authentication method is NOT allowed IAC3000 User Manual 4 2 1 1 Local Choose Local User from the Authentication Method field the button besides the pull down menu will become Local User Setting Authentication Server Server 1 Server Name Server 1 lts server name Postfix local lts postfix name Black List Mone Authentication Method Local Local User Setting l Click the button of Local User Setting for further configuration Authentication Server Server 1 Server Name ilts server name Posttix Black List Authentication Method Group e Edit Local User List It let the administrator view add and delete local user account The Upload User button is for importing a list of user account from a text
110. d your Return URL Please note that in order to use Payment Data Transfer you must turn on Auto Return Payment Data On Transfer O off Identity Token FIY4O0qL EMdUbg8D_3y7kLG1C8iGdxpF z6f6kCo KBdOfSSQokKZkCBOru Copy the Identity Token in the above page to the section PayPal Payment Page Configuration of AC3000 PayPal Payment Page Configuration Business Account useratohotmall corn z Payment Gateway URL https aww paypal com cg binswebscr gt Identity Token HOC BY Uy Sy ay Miil Dima Lego lDO0kRNrenzia Verify SSL Certificate Enable Disable Currency LSO LS Dollar 156 IAC3000 User s Manual 1 3 Requirements for Building a Secure PayPal based E Commerce Site To deploy the PayPal function properly it is required that the merchant register an Internet domain name for example www StoreName com for this subscriber gateway device system Information System Name NetComm IAC3000 Device Name certificate FQON for this device In addition it is necessary to sign up for a SSL certificate licensed from a Certificate Authority for example VerSign for this registered Internet domain name Thus by meeting these two requirements it will allow end customers or subscribers to pay for the Internet access in a securer and convenient way 2 Basic Maintenance In order to maintain the operation the merchant owner will have to manage the accounts and payment transactions on PayPa
111. d for use with this product Do not use this power supply with any other product or do not use any other power supply that is not approved for use with this product by NetComm Failure to do so may cause damage to this product fire or result in personal injury GNU General Public License This product includes software code that is subject to the GNU General Public License GPL or GNU Lesser General Public License LGPL This code is subject to the copyrights of one or more authors and is distributed without any warranty A copy of this software can be obtained by contacting NetComm Limited on 61 2 9424 2059 Product Warranty The warranty is granted on the following conditions 220 IAC3000 User s Manual 1 This warranty extends to the original purchaser you and is not transferable 2 This warranty shall not apply to software programs batteries power supplies cables or other accessories supplied in or with the product 3 The customer complies with all of the terms of any relevant agreement with NetComm and any other reasonable requirements of NetComm including producing such evidence of purchase as NetComm may require 4 The cost of transporting product to and from NetComm s nominated premises is your responsibility and 5 NetComm does not have any liability or responsibility under this warranty where any cost loss injury or damage of any kind whether direct indirect consequential incidental or otherwi
112. d or monitor system status etc DC 12V The power adapter attaches here IAC3000 User Manual 3 1 4 Installation Steps Steps to install IAC3000 O Reset Console z WAN2 1 STATUS POWER i WAN LAN 1 Connect the 12V power adapter to the power socket on the rear panel The Power LED should be on to indicate a proper connection 2 Connect an Ethernet cable to the WAN1 Port on the front panel Connect the other end of the Ethernet cable to an ADSL modem a cable modem or a switch hub of the network The LED of WAN1 port should be on to indicate a proper connection 3 Connect an Ethernet cable to one of the LAN1 LAN8 Ports on the front panel Connect the other end of the Ethernet cable to an administrator s PC or a client PC AP or switch in managed network The LED of the connected port should be on to indicate a proper connection Attention IAC3000 supports Auto Sensing MDI MDIX You may use either straight through or cross over cable to connect the Ethernet Port 3 2 Software Configuration 3 2 1 Quick Configuration IAC3000 supports web based configuration Upon the completion of hardware installation IAC3000 can be configured via web browsers with JavaScript enabled such as Internet Explorer version 6 0 and above or Firefox There are two ways to configure the AC3000 system using the online Configuration Wizard or changing the settings by commands manually The Configuration Wizard comprises of six basic ste
113. ddress and related information for each PC If the Windows operating system is not a server version the default settings of the TCP IP will regard the PC as a DHCP client and this function is called Obtain an IP address automatically If checking the TCP IP setup or using the static IP in the LAN1 LAN2 or LAN3 LAN4 section is desired please follow these steps Check the TCP IP Setup of Window 9x ME 1 Choose Start gt gt Control Panel gt gt Network 2 Click on the Configuration tab and select TCP IP gt gt AMD PCNET Family Ethernet Adapter PCI ISA and then click Properties Now you can choose to use DHCP or a specific IP address 190 J Control Panel MES File Edit View Go Favorites Help e gt tls ta Bio x FE Bact Foner Up Cut Copy Paste Undo Delete Properties Views Address E Control Panel S m g AddNew Add Remove Date Time Accessibility Options Hardware Programs Control i Panel J a 4 amp Display Fonts Game Internet Network Controllers Options Configures network a hardware and software 388 3 O A Keyboard Modems Mouse Multimedia Microsoft Home Technical Support D Y Network Passwords Power Sources 32bit Management lt 1 STD mb al Y Configures network hardware and sol o My Computer Network Configuration Identification Accezsz Control The following network components are installed Client for
114. ding O Enable Ema Message Disable Authentication Status When enabled users must be authenticated before they get access to the network within this Service Zone Authentication Options There are total seven types of authentication database LOCAL POPS RADIUS LDAP NTDOMAIN ONDEMAND and SIP that are supported by the entire system For each Service Zone up to six authentication options can be enabled and one of them can be set as the default option so that users do not have to type in the postfix string while entering username during login Custom Pages Related login and logout pages can be customized by administrators for each service zone Please refer to Appendix I Customizable Pages for more details Group Permission for this Service Zone For each Service Zone the administrator can set up multiple groups for that Service Zone For each group an associated policy can be assigned Therefore users in the same group follow the same policy and have the same privileges To configure Group permission based on the role of this Service Zone 40 IAC3000 User Manual Click Configure to have further configuration or view the details Click Enabled of the desired Group option s to allow the clients of the selected Group s to log into this Service Zone after a successful authentication Moreover a pre defined Policy can be applied to any Group in this Service Zone Click the hyperlink of the respective Group names in the Edit
115. dmin username and password after logging in the system for the first time Reload factory default Choosing this option will reset the system configuration to the factory defaults Restart IAC3000 Choosing this option will restart IAC3000 204 IAC3000 User s Manual Appendix H Local VPN The system is equipped with IPSec VPN feature To utilize IPSec VPN supported by Microsoft Windows XP SP2 with patch and Windows 2000 operating systems the system implements IPSec VPN tunneling technology between client s windows devices and the system itself regardless of wired or wireless network By pushing down ActiveX to the client s Windows device from the system no extra client software is required to be installed except ActiveX in which a so called clientless IPSec VPN setting is then configured automatically At the end of this setup a build in IPSec VPN feature will be enabled and ready to serve once it is launched for setup The goal of this design is to eliminate the configuration difficulty from IPSec VPN users At the client side the IPSec VPN implementation of the system is based on ActiveX and the built in IPSec VPN client of Windows OS 7 ActiveX Component The ActiveX is a software component running inside Internet Explorer The ActiveX component can be checked by the following windows EE A Manage Add ons EJ View and manage add ons that are installed on your computes Disabling or deleting add
116. does not pop up please check the connection of the cables and the settings of the terminal simulation program lqqqqgqqagqaqqagqagqaqaqgqaqgqaqagg Welcome qadgaddqadgadadgadadgadgaddaadgadadadgagadgadgk TIAC3BBB Console W Current firmware version 1 00 00 Build 66406 TIAC3BB B running time 53 min e ee ae 2 taqgaqqaqaaqaaqaaqaqaaqaqaqaaqaaqaaqagagaaaaqgaqaaqaaqaaqaqaqqaqaaqaaqaaqaaqaqaaqau 201 IAC3000 User s Manual laqqqqqqqaqgqqqqqgqqaqag TIACIBBB Basic Configuration gqqqqqqqqqqqqqqqaqqaqqqk lease select functions laqqqqaqaqqaqag PA x ox x Change admin password W x Reload factory default W X RSS Restart 51615 W x W maggaggqaqaagqagaqgaagqagaqaagqagaqgaagagaqgagagaqgaagagaaqgaaagaaggaaqaqaqaqj tagqaqagqaagqaaqaqaaqgaaqaqaagqggagggaggqaqaagggagagggagagaaggaaagqaaaqaagqgaaqgaqqaqaqu x lt OK gt W A A A A i A A A 202 IAC3000 User s Manual Utilities for network debugging The console interface provides several utilities to assist the Administrator to check the system conditions and to debug any problems The utilities are described as follows lagagagadgadgadgadadadadadada LACSO08 Configuration Utility qqqqqqqqqqqqqqqqqqqk K e E e e e e E E E Y A A A A A A A A A A A A A A A Please select utility Trace routing path Display interface settings Display routing table Display ARP table Display system up time Check service status Set device into
117. dows 9x 2000 18 x 1 Choose Start gt gt Control Panel gt gt Internet OEA de Back fey A Search U4 Folders SYhistory Cas E x A Eav Options adress om cowe o dee Accessibility Add Remove Add Remove Admin Control Panel Options Hardware Programs Internet Options AL Configures your Internet display and connections settings Display Folder Options Fonts Game Controllers Qu Windows Update i awe Ss Windows 2000 Support ON Keyboard Mouse Network and Phone and Power Options Dial up Co Modem 3 Y A e Printers Regional Scannersand Scheduled Sounds and Options Cameras Tasks Multimedia EA Go System Users and YMware Tools Paccminr ds hd Configures your Internet display and connections settings g My Computer 2 Choose the Connections tab and then click zixl General Security Content Connections Programs Advanced 9 Use the Internet Connection Wizard to connect your computer to the Internet Dial up settings Add Remove Settings 9 Dial whenever a network connection is mot present Setup f Weyer dial a connection Always dial my default connection Gurren Mome Seb Default Local Area Network LANI settings LAN Settings OK Cancel Apply 185 IAC3000 User s Manual 3 Choose I want to set up my Internet Welcome to the Internet Connection Wizard connection manually or
118. e NELILOMM i IAC3000 Internet Access Controller HHA COT EAD Step 4 Select the Connection Type for WAN Port Select the connection type for WAN port Click Next to continue Static IP Address Select itto set static IP address Dynamic IP Address Select itto obtain an IP address automatically For most cable modem users PPPoE Client Enter the PPPoE Clients Username and Password For most DSL users A ax gt Static IP Address Set WAN Port s Static IP Address 13 IAC3000 User Manual Enter the IP Address Subnet Mask and Default Gateway DNS Server provided by your ISP Click Next to continue MAA l IAC3000 Internet Access Controller AAA Step 4 Select the Connection Type for WAN Port Select the connection type for WAN port Click Next to continue Static IP Address select it to set static IP address O Dynamic IP Address Select itto obtain an IF address automatically For most cable modem users PPPoE Client Enter the PPPoE Clients Username and Password For most DSL users a A eactus Melum i lAC3000 Internet Access Controller EVE ECON Step 4 Cont Set WAN Port s Static IP Address Click Next to continue wadiress id subnettas DefaultGateway gt ous sever Gm gt PPPoE Client Set PPPoE Client s Information Enter the Username and Password provided by the ISP Click Next to continue
119. e IP MAC Pkts In Bytes In Pkts Out Bytes Out 1st Login Expiration Time Account Valid Through and Remark of user activities On demand User Log 2009 01 23 Date System Name Type TE ip MAC Pkts Bytes Pkts Bytes 1st Login Expiration AccountValid In In Out Out Time Th rough ie 01 23 12 46 72 A 200 nm 01 25 dE 7 PA LUEHMO Creata OD Taam RECT a 0 0 0 00 00 00 00 00 00 it it a u pet eS eee Nena 12 46 24 TAC3000 12 46 34 2005 01 23 12 48 35 fattemm 1423000 2005 01 25 12 48 35 Create OD Unas Fula 0 0 0 0 00 00 00 00 00 00 il 0 it Ha Nona 12 48 35 TAC3000 SAS 12 48 35 2005 01 23 12 82 02 MotComma 1423000 2005 01 26 12 52 02 Create OD Toa diz 0 0 0 0 00 00 00 00 00 00 i u u a Xona 12 52 02 T14C3000 AA 12 52 02 rii 01 23 16 47 15 atom TAC300 pl 01 25 16 47 15 ee E pae sais Creata OD Dras r55k 0 0 0 0 00 00 00 00 00 00 it u 0 la PA ona 16 47 15 TAC3000 SS 16 47 15 2005 01 23 16 47 44 MatComma 1423000 2005 01 25 16 47 43 i a OD Tear Login jz Sic 192 1 8 30 80 00 0D0 60 77 BC0 FE i oO u ul fone 16 47 44 T14C3000 16 47 43 e Roaming Out Traffic History As shown in the following figure each line is a roaming out traffic history record consisting of 14 fields Date Type Name NSID NASIP NASPort UserMAC SessionlD SessionTime Bytes in Bytes Out Pkts In Pkts Out and Message of user activities Roaming Out Traffic History 2009 01 23 Date Type Name NASID NASIP NASPort UserMAC SessionID SessionTime PYS
120. e TEMPLATE1 Band 802 11b 802 119 Subnet Mask 255 255 255 0 Gateway 192 168 30 1 Note Ifthe Band ofthe template cannot match current Channel the Channel will be changed to Auto Click Apply Service Zone to setup one Service Zone to the AP A Service Zone Service Zone L D Name SSID WLAN Encryption o Default NetComm_lAC3000 None 92 IAC3000 User s Manual e AP Name Click AP Name and enter the interface about related settings There are four kinds of settings General Settings LAN Interface Setting Wireless Interface Setting and Access Control Setting Click the hyperlink to go on the configuration AP Configuration General Settings Name Office AP General Firmware Unknown LAN Interface Settings IP 192 168 30 101 LAN Gateway 192 168 30 1 Wireless Interface Settings Channel G Wireless LAN Data Rate Auto Access Control Settings Status Disabled Access Control ee Number of MAC 0 Addresses gt General Setting Click Setting to enter the General Setting interface Firmware information can be observed here General Settings Name Admin ra dd NTP Server 1 NTP Server 2 SNMP SYSLOG Disabled Remark Firmware 93 IAC3000 User s Manual gt LAN Setting Click LAN to enter the LAN Setting interface Input the data of LAN including IP address Subnet Mask and Default Gateway of AP LAN Settings IP Address 192 168 30 101 Subnet Mas
121. e and Session Limit Management can be defined Additional configurations are in this section They are User Session Control Built in RADIUS Server Settings Customization Remaining Time Reminder and MAC ACL The administrator can control user session such as idle timeoutin User Session Control Three fuctions are provided in Builtin RADIUS Server Settings such as session timeout In Customization the administrator can upload certificate to the system Remaining Time Reminder provides remaining time information to clients on the screen The administrator can manage the access control to the system via clients MAC address inthe MAC ACL Access Control List 43 IAC3000 User Manual 4 2 1 Authentication Configuration This section is for administrators to pre configure authentication servers for the entire system s Service Zones For a particular Service Zone administrators can enable all the authentication servers which will be used and also specify a default authentication server in the page of Service Zone Settings Concurrently up to four servers can be selected and pre configured here by administrators from the five types of authentication databases LOCAL POP3 RADIUS LDAP and NTDOMAIN In addition there are two servers On demand User and SIP that are selected by the system For the Authentication Settings of each Service Zone please see 4 1 7 Service Zones Authentication Configuration Authentication Server Configura
122. e List Monitor IP List Walled Garden List Proxy Server Properties Dynamic DNS IP Mobility VPN Configuration Utilities Change Password Backup Restore Settings Firmware Upgrade Restart Network Utilities Status system Configuration Interface Status Routing Table Current Users Traffic History Traffic History On demand User Log Roaming Out Traffic History Roaming In Traffic History SIP Call Usage Log Monthly Network Usage of Local User Notification Configuration 141 IAC3000 User s Manual Appendix A Accepting Payment via Authorize Net This section is to show independent Hotspot IAC owners how to configure related settings in order to accept credit card payments via Authorize Net making the Hotspot an e commerce environment for clients to pay for and obtain Internet access using their credit cards MERCHANT S BUSINESS Mer i INTERNET y l k CUSTOMER A Authorize Ne MERCHANT S BANK ACCOUNT en MERCHANT S BANK E 3 3 CARD CA NAS ISSUER gt O O CREDIT CARD INTERCHANGE PROCESSOR 142 Offers instant on demand guest access to Internet leeds to charges e No Internet accesson gt y credit cards _ Disable Yes Credit Card Billing function Make sure two types of accounts are US randy NT Internet Merchant accoun opened and ready f j Gateway Account Obtain information from
123. e Upload Images field on the Upload Images Files page and then click Submit The system will show the used space and the maximum size of the image file of 512K If the administrator wishes to restore the factory default of the login page click the Use Default Page button to restore it to default After the image file is uploaded the file name will show on the Existing Image Files field Check the file and click Delete to delete the file After the upload process is completed and applied the new login page can be previewed by clicking Preview button at the button e Custom Pages gt gt Login Pages gt gt External Page Login Page Selection for Users Service Zone Default Default Page Template Page Uploaded Page External Page External Page Setting External URL http Choose the External Page selection and get the login page from the specific website In the External Page Setting enter the URL of the external login page and then click Apply After applying the setting the new login page can be previewed by clicking Preview button at the bottom of this page The user defined logout page must include the following HTML codes to provide the necessary fields for username and password 213 IAC3000 User s Manual lt form action userlogin shtml method post name E nter lt input type text name myus ername lt input type password name mypassword lt input type submit name submit va
124. e Zone Default This is default login success page for on demand users You could click preview link to preview the default login success page Thanks Preview 216 IAC3000 User s Manual Custom Pages gt gt Login Success Page for On demand Users gt gt Template Page Choose Template to make a customized login success for on demand account Click Select to pick up a color and then fill in all of the blanks Click Preview to see the result Login Success Page Selection for on demand Users Service Zone O Default Page Uploaded Page Color for Title Background Color for Title Text Color for Page Background Color for Page Text Default Template Page O External Page Template Page Setting select RGB values in hex mode select RGB values in hex mode Select RGB values in hex mode Select RGB values in hex mode Title Login Success Page for Guest Users Welcome Welcome Information Please clickthis button to Logout Logout Information2 Thank you Remaining Usage Remaining Usage Day Day Hour Hour Min Min Sec sec Login Time Login Time Redeem Redeem Preview Custom Pages gt gt Login Success Pages for On demand Users gt gt Uploaded Page Choose Uploaded Page and get the login success page for on demand users by uploading Click the Browse button to select the file for the login success
125. e destination IP address of the device gt Subnet Mask The Subnet Mask IP address of the port gt Gateway The Gateway IP address of the port gt Interface The choice of interface network including WAN1 WAN2 Default or the named Service Zones to be applied for the traffic interface 133 IAC3000 User s Manual 4 6 4 Current Users In this function each online user s information including Username IP MAC Pkts In Bytes In Pkts Out Bytes Out Idle Location and Kick Out will be shown Administrators can force out a specific online user by clicking the hyperlink of Logout and check the user access AP status by clicking the hyperlink of the AP name for Location Click Refresh is to update the current users list Current Users List Username Pkts In Bytes In Location litem tdle IP MAC Pkts Out Bytes Out Kick Out z95k ondemand 11 1401 NIA 1 0 1921683080 O00 0D0 60 77 BC FB 15 1954 Logout Refresh 134 IAC3000 User s Manual 4 6 5 Traffic History This function is used to check the history of IAC3000 The history of each day will be saved separately in the DRAM for 3 days Sorted by time the traffic history provides all login and logout activity of specific date Other information includes User Name IP address MAC address In bound Packet Count Out bound Packet Count In bound Byte Count and out bound Byte Count Traffic History Traffic History Date Size Byte 2009 01 23 410
126. e login to AC3000 Internet Explorer will ask clients to download an ActiveX component of IPSec VPN Once this ActiveX component is downloaded it will run in parallel with the Login Success Page after the page being brought up successfully The ActiveX component helps set up individual IPSec VPN tunnels between clients and AC3000 and check the validity of IPSec VPN tunnels between them If the connection is down the ActiveX component will detect the broken link and decompose the IPSec tunnel Once the IPSec VPN tunnel was built all sent packets will be encrypted Without connecting to the original IPSec VPN tunnel a client has no alternative way to gain network connection beyond this IPSec VPN feature supported by IAC3000 directly solves possible data security leak problem between clients and the system via either wireless or wired connections without extra hardware or client software installed An example of the local VPN follow is shown as follows a g Bras 192 168 30 1 loginpages vpn_main shtmiruip gt 6 dh Page O Tos El This website wants to install the following add on VPNChent CAB from NebComm Linked IF you trust the webste and the add on and want to install it click here aw f J https J 192 168 30 1 loginpagesfvpn_main shtmiPuip Ti Internet Explorer Security Warning X mu Name VPNClient CAB Publisher MetComm Limited More options instal Dont install While files From the Int
127. e refer to Appendix F Network Configuration on PC User Login 17 IAC3000 User Manual 3 2 2 User Login Portal Page To login from the login portal page via the controlled port the user has to be authenticated by the system with username and password The administrator also can verify if the configuration of IAC3000 has been done properly 1 First provided the steps in 3 1 4 and the quick set up wizard were completed you may now connect a client s device for example a PC to the controlled port of IAC3000 and set the device to obtain an IP address automatically After the client obtains the IP address open an Internet browser Try to launch any website and then the default User Login Page will appear Enter a valid User Name and Password e g test local for the username and test for the password Click Submit button User Login Page Welcome To User Login Page Please Enter Your User Name and Password To Sign In amp User Name Password ee n E GoD C Remember Me Click here to purchase by Credit Card Online 2 Login success page will appear if IAC3000 has been installed and configured successfully Now clients can access the network or surf on the Internet 18 IAC3000 User Manual NetComm Australia Broadband Solutions Products And Services Microsoft Internet Explorer provided by NetComm ME QO Erom reom cn Jeee E Fie Edit view Favorites Tools Help Links we ke
128. entity Token This is the key used by PayPal to validate all the transactions Verify SSL Certificate This is to help protect the system from accessing a website other than PayPal Currency lt is the currency to be used for the payment transactions Service Disclaimer Content Choose Billing for Payment Page Service Disclaimer Content We may collect and store the following personal information email address physical contact information credit card numbers and transactional information based on your activities on the Internet service provided by us If the information you provide cannot be verified we may Choose Billing Plan for PayPal Payment Page Plan Enable Disable Quota Price 1 Enable ObDisable 1 hris 4 2 Enable Disable 4 hr s 6 3 Enable Disable 500 Mbyte s 5 4 Enable Disable 300 Mbyte s 3 5 Enable ObDisable 2 hr s 4 6 Enable Disable T Enable Disable 8 Enable Disable 9 Enable Disable 10 Enable Disable gt Service Disclaimer Content View service agreements and fees for the standard payment gateway services here as well as adding new or editing services disclaimer gt Choose Billing Plan for PayPal Payment Page These 10 plans are the plans configured in Billing Plans page and all previously enabled plans can be further enabled or disabled here as needed 67 IAC3000 User Manual Enable Disable Choose to enable or disable the plan Quota The usage time or condition of each plan Pri
129. epage of this section amp Indicates that clicking this button will return to the previous page Indicates that clicking this button will apply all of your settings P Indicates that clicking this button will clear what you set before these settings are applied IAC3000 User Manual Chapter 2 System Overview 2 1 Introduction of AC3000 IAC3000 is an Internet Access Controller specially designed for wired and wireless data network environments in small to middle scaled businesses and hotspots It features integrated management secured data transmission and enhanced accounting and billing System administrators can effectively monitor wired or wireless users including employees and guest users via its user management interface Moreover administrators can discover configure monitor and upgrade all managed Access Points APs from a single centralized AP management interface the lAC3000 2 2 System Concept IAC3000 is capable of managing user authentication authorization and accounting The user account information is stored in the local database or a specified external database server Featured with user authentication and integrated with external payment gateway IAC3000 allows users to easily pay the fee and enjoy the Internet service using credit cards through Authorize net PayPal amp Secure Pay With centralized AP management feature the administrator does not need to worry about how to manage multiple wireless access p
130. er bob or bob MelbourneLdap as his username Black List There are five sets of the black lists A user account listed in the black list is not allowed to log into the system Select one black list from the drop down list box to be applied to this specific authentication option Group Select one Group from the drop down list box for this specific authentication option Enable Local VPN When Local VPN function is enabled for this authentication option upon a 52 IAC3000 User Manual successful login of a client a VPN tunnel will be established between a client s device and the system The data passing through the VPN tunnel are encrypted The system s Local VPN supports client devices under Windows 2000 and Windows XP SP1 SP2 Note Local VPN in I AC3000 is an additional secure login VPN feature for AC3000 local user subscribers The software design for Local VPN in 1AC3000 is tightly coupled with Active X which is supported by Windows platform Internet Explorer where Active X program is supported e Authentication Method Select RADIUS from the drop down list box and then click Radius Setting for further configuration as below Enter the related information for the primary and or the secondary RADIUS server the secondary server is not required The fields with red asterisk are required The settings will take effect immediately after clicking Apply RADIUS Configuration 802 1x Authentication Trans Full Name N
131. ername Password MAC Address Local VPN Enabled Remark 00 20 46 46 41 05 Cielete o Add User Click this button to enter into the Adding User s to the List interface Fill in the necessary information such as Username Password MAC and Remark Select a desired Group to classify local users Check to enable Local VPN in the Enable Local VPN column Click Apply to complete adding the user s Note Local VPN in IAC3000 is an additional secure login VPN feature for AC3000 local users subscribers The software design for Local VPN in IAC3000 Is tightly coupled with Active X which is supported by Windows platform Internet Explorer where Active X program is supported For more information on Group configuration please refer to Section 4 2 3 Group Configuration Add User R ass i MAC me Local tem Usemam Password PEA AAA A Add User Lisertest has been added Add User MAC Local Username Password Group Remark tal MACRO Grow Remark Mesa o Upload User Click Upload User to enter the Upload User from File interface Click the Browse button to select the text file for uploading user accounts then click Upload to complete the upload process 47 IAC3000 User Manual Upload User Note 1 The format of each line ts ID Password MAC Group Remark IPSec without the quotes There must be no space between the fields and commas The MAC field could be omitted but the trai
132. ernet all the way to the corporate servers and database IAC3000 provides 3 types of VPN for different network usage scenarios Here we ll use local VPN as an example VPN Configuration Local VPN Remote VPN site to Site VPN Local VPN Local VPN allows users to create the VPN tunnel between a user s device and IAC3000 to encrypt wired and wireless data transmission In addition only when this function is enabled Active here do users of the entire system are able to use Local VPN Local VPN users can also be isolated from each other when VPN Client Isolation is enabled Local VPN For The Entire System Active Enable Disable VPN Client Isolation Enable Disable IPSec Parameters Encryption DES 3 DES Integrity MDS SHA 1 Diffie Hellman Group 1 Group 2 117 IAC3000 User s Manual For more information about Local VPN please see Appendix H Local VPN Note When users are required to use Local VPN for data security their user accounts have to be configured properly to do so For example when adding a user account user1 into the Local user database administrator should check the Local VPN box System Wa AP Network f _ Configuration J Management Configuration Local User Configuration Authentication Configur ation User Profile Black List Configuration Username test Group Configuration Password 1234 MAC Policy Configuration Group Group 1
133. ernet can be useful this File type can gestae ca uh Do you want to install this software your computer Only install software from publishers wou trust ww https 192 168 90 lognpages van_main shtmi ui 7 The VPN connection is being established Please wail Ao Her 206 IAC3000 User s Manual k amp https 192 168 30 1 loginpages vpn_main shtmiruip Hello you are logged in via test local The connection is secured by IPSec VPN is Login time 2009 1 27 12 23 26 To logout please click the Logouf button Logout 2 Limitations The limitation on the client side due to ActiveX and Windows OS includes a Internet Connection Firewall of Windows XP or Windows XP SP1 is not compatible with IPSec protocol It shall be turned off to allow IPSec packets to pass through b Without patch ICMP Ping and PORT command of FTP can not work in Windows XP SP2 The forced termination through CTRL ALT DEL Task Manager of the Internet Explorer will stop the running of ActiveX It causes that IPSec tunnel cannot be cleared properly at client device A reboot of client device is needed to clear the IPSec tunnel d The crash of Windows Internet Explorer may cause the same result 3 Internet Connection Firewall In Windows XP and Windows XP SP1 the Internet Connection Firewall is not compatible with IPSec Internet Connection Firewall will drop packets from tunneling of IPSec VP
134. ervers within the managed network Different virtual servers can be configured for different sets of physical services such as TCP and UDP services in general Enter the External Service Port Local Server IP Address and Local Server Port Select TCP or UDP for the service s type In the Enable column check the desired server to enable These settings will become effective immediately after clicking the Apply button Public Accessible Server Item External Service Port Local Server IP Address Local Server Port Type Enable i rd ie O O UDP O TCP e E EJEA a O TCP E Y E OOO e Port and IP Redirect This function allows the administrator to set 40 sets of the IP addresses maximum for redirection purpose When the user attempts to connect to a destination IP address listed here the connection packet will be converted and redirected to the corresponding destination Please enter the IP Address and Port of Destination and the IP Address and Port of Translated to Destination According to the different services provided choose the TCP protocol or the UDP protocol These settings will become effective immediately after clicking Apply Port and IP Redirect Destination Translated to Destination Item Type IP Address Port IP Address Port TCP Ln JLbL WEOE OSIC UDP TCP 2 T O UDP O TCP BE TEO SE IE S up 107 IAC3000 User s Manual
135. ervice Zone IP Address AP Type AP Name Status MAC Address E Service Zone Port Role k Configuration Wizard i Service Zone Port Role Setting System Information Select Service Zone Mode f Por Based O Tag Based WAN2 Configuration Choice Of Port Role WAH Configuration WAN Traffic Settings LAN LAN LANE A Nice ones LAN x A warning message You should restart the system to activate the changes will appear at the bottom of the page Do NOT restart the system until you have completed all the configuration steps 166 IAC3000 User s Manual Service Zone Port Role Setting Select Service Zone Mode Port Based Tag Based Choice Of Port Role LANS LANE LAN LANS LAN1 LAN LAN LAN4 You should restart the system to activate the changes Restart LAN1 is now configured for Guests Step 5 Configure Service Zone 2 for Employees Assume that LANZ2 is assigned to the Service Zone 2 SZ2 for Employees Select the Service Zones tab and click Configure of SZ2 X Logout MEG 1AC3000 Internet Access Controller Help WWW NELCOMIN COM FU 7 User AP Network 7 Authentication _ Management _ Configuration Utilities Status Service Zone Settings Configuration Wizard Service Zone Settings System Information Service i dd mee C WAN Configuration er ae e SSID Encryption Policy Authentication tus Details WAN1 Config
136. et Y Windows Update Controllers Options 0 Help and Support amp gt ab 2 lt gt Keyboard Mouse Network Power Options Connections S amp S Fe Printers and Regional and Scannersand Scheduled Sounds and Faxes Language Cameras Tasks Audio Devices g U e Speech System Taskbar and User Accounts YMware Tools 2 Right click on the Local Area Connection icon S Network Connections File Edit view Favorites Tools Advanced Help and select Properties Q sack z Q S P Search gt Folders i Address 43 Network Connections 2 LAN or High Speed Internet Network Tasks ocal Area Connection E Create a new Aaa connection AMD PCNET Family PCI Ethern 9 Set up a home or small Disable office network Statis Disable this network nasar device P a Repair this connection Bridge Connections mij Rename this connection View status of this connection Change settings of this connection Create Shortcut Other Places G Control Panel Q My Network Places E My Documents 3 Click on the General tab and choose Internet Local Area Connection Properties Protocol TCP IP and then click Properties General Authentication Advanced Connect using a eons IP address This connection uses the following thems El Client for Microsoft Networks m File and Printer Sharing for Microsoft Networks Internet Protocol TCP IP B Install Uninstall C Properties
137. ettings Used to Discover Choose from Factory Default or Manual IP Addresses of APs after Discovery Start assigning from this IP address to discovered APs Then click the Scan Now button and the APs match the given settings will show in the list below If one of the IP addresses intended is used a warning message will show up In this case please change the IP range and then click Scan Now again Input the desired name and password for the AP Select one template check it and then click Add to add it under the managed list About the template please see 4 3 4 Template Settings When the matched AP is discovered it will show up in the list below and be given a new IP address set here ex 192 168 25 1 Check the Add box to add the AP and it will be listed to the AP list When an AP is added its MAC address will be automatically recorded into MAC Privilege List please see 4 4 2 Privilege List so its management page can be accessed Click Configuring to go on the related configuration For the details please refer to 4 3 1 AP List e Background AP Discovery Click Configure to enter Background AP Discovery interface to go on related 96 AC3000 User s Manual configuration Background AP Discovery AP Type NP 725 inerace Factory Default IP Address 192 168 25 1 Admin Settings Used ee ee in limer Login ID admin Password admin Manual Status Enable Disable Ca E Background AP Discovery AP Type N
138. ew Favorites Tools Help Y abe Certificate Error Navigation Blocked y There is a problem with this website s security certificate The security certificate presented by this website was not issued by a trusted certificate authority The security certificate presented by this website was issued for a different website s address Security certificate problems may indicate an attempt to fool you or intercept any data you send to the server We recommend that you close this webpage and do not continue to this website Y Click here to close this webpage Continue to this website not recommended More information b Please press Continue to this website to continue c The default user login page will appear in the browser User Login Page Welcome To User Login Paga Please Enter Your User Name and Password To Sign In User Name Password Ll Ramermiber Nte 2 Enter the username and password for example we use a local user account test local here and then click Submit button If the Remember Me check box is checked the browser will remember this user s name and password so that he she can just click Submit next time he she wants to login Check the Remember Me box to store the username and password on the current computer in order to automatically login to the system at next login Then click the Submit button The Remaining button on the User Login Page is for on demand user
139. f bytes received and sent by the user 137 IAC3000 User s Manual 4 6 6 Notification Configuration AC3000 can automatically send the notification of Monitor IP Report Traffic History On demand User Log Session Log and AP status to up to 3 particular e mail address The notification of AP Status is triggered by the event when a managed AP becomes unreachable while the other types of emails are sent periodically in given intervals such as 1 hour A trial email is provided by the system for validation In addition the system supports recording Syslog of Traffic History On demand User Log and Session Log via external Syslog servers In addition the Session Log can be sent to a specified FTP server Enter the related information and select the desired items and then apply the settings E mail Notification Configuration Monitor IP Traffic On demand a History User Log HBB Send From SMTP Auth Method Syslog Configuration FTF Server Settings Send Log every Hours Note same as Interval of Session Log in the Hotification E mail Settings Session Log Using Anonymous yes No FTP Setting Test E mail Notification Configuration gt Send To Up to 3 e mail address can be set up to receive the notification These are the receiver s e mail addresses There are four kinds of notification to selection Monitor IP Report Traffic History On demand User Log and AP Status and check whic
140. fault Default Page Template Page Uploaded Page External Page Default Page Setting Service Zone Default This is default logout success page for users You could click preview link to preview the default logout success page Preview Custom Pages gt gt Logout Success Page gt gt Template Page Choose Template Page to make a customized logout success page Click Select to pick up a color and then fill in all of the blanks Click Preview to see the result first Logout Success Page Selection for Users Service Zone Default Default Page Template Page Uploaded Page External Page Template Page Setting Color for Tite Background Select RGB values in hex mode Color for Title Text _ Select RGB values in hex mode Color for Page Background Select RGB values in hex mode Color for Page Text Select RGB values in hex mode 218 IAC3000 User s Manual Custom Pages gt gt Logout Success Page gt gt Uploaded Page Choose Uploaded Page and get the logout success page to upload Click the Browse button to select the file for the logout success page upload Then click Submit to complete the upload process After the upload process is completed and applied the new logout success page can be previewed by clicking Preview button at the bottom Logout Success Page Selection for Users Service Zone Default Default Page Template Page Uploaded Page External Page
141. file The Download User button is for exporting all local user accounts into a text file Clicking on each user account leads to a page for configuring the individual local account Local user account can be assigned a policy and applied Local VPN individually Check the check box of individual local user account in the Enable Local VPN column to enable individually MAC address of a networking device can be bound with a local user as well Local User Setting Edit Local User List Enabled Disabled RADIUS Roaming Out Local user database will be used as authentication database for roaming out users Enabled Disabled 802 1 Authentication Local user database will be used as internal RADIUS database for 802 1 enabled LAN devices such as AP and switch o Edit Local User List lt let the administrator view add and delete local user account The Upload User button is for importing a list of user account from a text file The Download User button is for 46 IAC3000 User Manual exporting all local user accounts into a text file Clicking on each user account leads to a page for configuring the individual local account Local user account can be assigned a policy and applied Local VPN individually Check the check box of individual local user account in the Enable Local VPN column to enable individually MAC address of a networking device can be bound with a local user as well Co Ga Users List Applied Group Us
142. g PPPoE to connect to the network please set the Username Password MTU and CLAMPMSS There is a Dial on demand function under PPPoE If this function is enabled a Maximum Idle Time can be set When the idle time is reached the system will automatically disconnect itself WAN1 Configuration Static IP Address O Dynamic IP Address PPPoE Client Username DO Password WAN1 Port E WITI bytes Range 1000 1492 CLAMP MSS 1400 bytes Range 980 4400 Dial on Demand Enabled Disabled PPTP Client PPTP Client Select STATIC to specify the IP address of the PPTP Client manually or select DHCP to get the IP address automatically The fields with red asterisks are required to be filled in There is a Dial on demand function under PP TP If this function is enabled a Maximum Idle Time can be set When the idle time is reached the system will automatically disconnect itself WAN1 Configuration Static IP Address O Dynamic IP Address PPPoE Client PPTP Client Type static Y DHCP PPTP Server IP WAN1 Port Username Password PPTP Connection ID Name Dial on Demand Enabled Disabled 28 IAC3000 User Manual 4 1 4 WAN2 Configuration Select None to disable this WAN2 interface or there are 3 connection types for the WANZ2 port Static IP Address Dynamic IP Address and PPPoE Client WAN2 Configuration Mone Static IP Address O Dynamic
143. g the setting click Preview to see the login page e Custom Pages gt gt Login Page gt gt Default Page Choose Default Page to use the default login page Login Page Selection for Users Service Zone Default Default Page O Template Fage Uploaded Page External Page Default Page Setting Service Zone Default This is default login page for users You could click preview link to preview the default login page Thanks Previey e Custom Pages gt gt Login Page gt gt Template Page Choose Template Page to make a customized login page Click Select to pick up a color and then fill in all of the blanks You can also upload a background image file for your template Click Preview to see the result first 211 Login Page Selection for Users Service Zone Default Default Page Template Page O Uploaded Page External Page Template Page Setting Color for Title Background ElFAFD Select RGB values in hex mode Color for Title Text 034EA2 Select RGB values in hex mode Color for Page Background FFFFFF Select RGB values in hex mode Color for Page Text 585958 Select RGB values in hex mode Title Liser Login Page Welcome Welcome To User Login Page Information Please Enter Your Name and Password to Sign In Copyright Copyright c Logo Image File Preview and Edit the Image File Background Image File Preview and Editthe Image File Preview Custom Pages gt gt Login
144. g the upgrade boxes WDS Wireless Distribution System is a function to interconnect all the managed APs access points wirelessly to form a Tree connection with the structure of Parents and Children The WDS Management provides the WDS tree status and enable the administrator to add move and delete the WDS connections among the Tree 90 IAC3000 User s Manual 4 3 1 AP List All of the APs under the management of AC3000 will be shown in the list The AP can be edited by clicking the hyperlink of AP Name and the AP status can be got by clicking the hyperlink of Status AP List IP Address C AP Type AFP Hame Service Zone Status MAC Address 192 168 30 100 00 60 64 27 10 10 Reboot Enable Disable Delete Apply Template Apply Service Zone F NP725 officeAF a Default Offline After adding an AP Check any AP and click the button below to Reboot Enable Disable Delete Apply Template and Apply Service Zone to the checked AP e AP Name The AP name will be shown as hyperlink Click the hyperlink of each managed AP can have for configurations about the specific AP Click the hyperlink of the AP Name to have more configurations There are four kinds of settings available General LAN Wireless LAN and Access Control Click the hyperlink of each individual setting to have further configurations e Service Zone After the AP is added into AP List the managed AP can be assigned to one or multiple ser
145. ganization When Por Based mode is enabled each physical LAN port can be set individually to map to a specific Sevice Zone for later use By contrast under Tag Based mode Service Zones will be distinguished by VLAN tagging instead of physical LAN ports A table to display the Service Zones and related settings 23 IAC3000 User Manual 4 1 1 Configuration Wizard There are two ways to configure the l AC3000 system using the online Configuration Wizard or changing the settings by commands manually The Configuration Wizard comprises of 6 basic steps providing a simple and easy way to go through the basic setups of IAC3000 Refer to section 3 2 f Vb H i G Logout Jd 7 4 IAC3000 Internet Access Controller O Help HAB NELCONAA COM AE User We AP E Network ee WA l Utilities Status Authentication Management Configuration Configuration Wizard i Configuration Wizard n Configuration Wizard System Information AC3000 is a Network Access Controller with access control features ideal for hotspot small and medium business networking The wizard will guide you through the process of creating a WAN1 Configuration baseline strategy Please follow the wizard step by step to configure IAC3000 A WAN Traffic Settings eee 00 24 4 1 2 System Information Main information about AC3000 is shown as follows
146. ge file size limit is 100 Kbytes No limit for the dimensions of the image is set but a 460x480 image is recommended Please upload an image file Note The Background file size limitis 100 Kbytes No limit for the dimensions ofthe image but a 460x480 image is recommended e Preview Click Preview bution the ticket will be shown including the information of username and password with the selected background Print the ticket here 3 Billing Plans Administrators can configure several billing plans Click Edit button to enter the page of Editing Billing Plan Click Apply to save the plan that manually set up by the administrators Go back to the screen of Billing Plans click Enable button and then the plan is activated Billing Plans Edit E ma Price hi o hrs 4 mins Time Edit Edit Edit Edit Edit Edit Edit Edit Edit Plan The number of the specific plan Type This is the type of the plan based on which it defines how the account can be used o Time Total period of time xx hrs yy mins during which On demand users are allowed to access the network 61 O O IAC3000 User Manual Editing Billing Plan Range of mings 0 59 they cannot both be zero 4 Account Activation F tsttime login must be done within day s o hour s Range of hounds 0O 23 they cannot both be zero 7 Valid Period After activation account willbe expired in davis C hd
147. greements and fees for the standard payment gateway services here as well as adding new or editing services disclaimer gt Choose Billing Plan for Secure Pay Payment Page These 10 plans are the plans configured in Billing Plans page and all previously enabled plans can be further enabled or disabled here as needed Enable Disable Choose to enable or disable the plan Quota The usage time or condition of each plan Price The price charged for this plan Secure Pay Payment Page Remark Content 69 IAC3000 User Manual SecurePay Payment Page Remark Content You must 111 in the correct credit card number and expiration date Card code is the last 3 digits of the security code located on the back of your credit card gt PayPal Payment Page Remark Content The message content will be displayed as a special notice to end customers in the page of Rate Plan For example it can describe the cautions for making a payment via Secure Pay 5 On demand Account Creation On demand accounts are listed and related When at least one plan is enabled the administrator can generate on demand user accounts here Click this to enter the On demand Account Creation screen Click on the Create button of the desired plan and an on demand user account will be created Click Print to print a receipt which will contain the on demand user s information including the username and password Note If no Billing plan is enabled accou
148. gt Enter New Hash Value amp Confirm Hash Value gt gt Click Submit If the Card Code is set up as a required field please log in Authorize Net gt gt Required Card Code Click Settings and Profile gt gt Go to the Security section gt gt Click Card Code Verification gt gt Check the Does NOT Match N box gt gt Click Submit After setting up the required address fields on the Credit Card Payment Page Billing Configuration section of AC3000 the same requirements Required Address Fields must be set on Authorize Net To do so please log in Authorize Net gt gt Click Settings and Profile gt gt Go to the Security section gt gt Click Address Verification System AVS gt gt Check the boxes accordingly gt gt Click Submit 1 4 Test The Credit Card Payment via Authorize Net To test the connection between IAC3000 and Authorize Net please log in I AC3000 User Authentication gt gt Authentication Configuration gt gt Click the server On demand User gt gt External Payment Gateway gt gt Click Configure gt gt External Payment Gateway gt gt Select Authorize Net gt gt Go to Authorize Net Payment Page Configuration section gt gt Enable the Test Mode gt gt Click Try Test and follow the instructions External Payment Gateway 2 Authorize Net PayPal Disable Authorize Net Payment Page Configuration Merchant Login ID Merchant Transaction Key
149. h type of notification to be sent gt Interval The time interval to send the e mail report gt Send Test Email To test the settings immediately gt Send From The e mail address of the administrator in charge of the monitoring This will show up as the sender s e mail 138 IAC3000 User s Manual gt SMTP The IP address of the sender s SMTP server gt Auth Method The system provides four authentication methods Plain Login CRAM MD5 and NTLMv1 or None to use none of the above Depending on which authentication method selected enter the Account Name Password and Domain o NTLMvt1 is not currently available for general use o Plain and CRAM MD5 are standardized authentication mechanisms while Login and NTLMv1 are Microsoft proprietary mechanisms Only Plain and Login can use the UNIX login password Netscape uses Plain Outlook and Outlook express use Login as default although they can be set to use NTLMv1 o Pegasus uses CRAM MD5 or Login but which method to be used can not be configured Syslog Configuration There are 3 types of Syslog supported System Log On demand User Log and Session Log Enter the IP address and Port number to specify which and from where the report should be sent to Note When the number of a user s session TCP and UDP reaches the session limit specified in the policy a record will be logged to this Syslog server FTP Server Settings Session Log Log each connecti
150. he specific AP AP Name Mnemonic name of the specific AP Admin Password Password required for this AP Template The template which will be applied to the added AP Channel The selected channel will be applied to the added AP Service Zone Select the name of Service Zone such as Service Zone 1 Guest or Employee VV VV VV VV Y Add The administrator can click Add button to register the APs to the List for management Tag Based and Port based Configuration in AP Discovery screen Note After when configures service zones setting and port tag based Mapping in 4 1 6 LAN Port Mapping and 4 1 7 Service Zones the administrator continues to configure AP Discovery settings in AP Management while AP Discovery settings differ for port based and tag based mode For complete settings for both port and tag based mode please refer to Appendix C Service Zone Deployment Example In port based mode a new AP must be placed under the Default port only for discovery and then add the AP into other zone In tag based mode a new AP must be placed under any selected port for discover and then select the desired zones before adding the AP into the list gt Step 1 Configure the mode of LAN Port Mapping and Service Zones such as Guest and Employee in System Configuration See Appendix C for further information gt Step 2 Select AP Discovery in AP Management o Port Based mode In Port based mode set the Interface in Default port Select Default in
151. hown in the two tables below Port based Service Zone Service Zone Settings Service WLAN Applied Default j Zone Port Map SSID Encryption Policy Authentication Status Details Name Net OO ga Ea com Default loro m_l None Policy1 Server Enable AC3 MI None Policy1 Semert Disable 21 OD OD OD O UO Z2 None Policy 1 Server 1 Disable OD OD F Z3 ACA None Policy 1 Server 1 Disable OD OD D JOD Db Wb K S24 None Policy 1 Server 1 Disable OD OD C a SZ5 ACA None Policy 1 Server 1 Disable OD OD OD OD SZ6 Ps None Policy 1 Server 1 Disable OD OD OD O OUD SZ7 None Policy 1 Server 1 Disable OD OD DD O 0 SZ8 None Policy 1 Server 1 Disable JD OD CQ a gt Service Zone Name Mnemonic name of the Service Zone gt Port Map Shows which port maps to which Service Zone in port based mode 36 gt SSID The SSID that is associated with the Service Zone gt WLAN Encryption Data encryption method for wireless networks within the Service Zone IAC3000 User Manual gt Applied Policy The global policy that is applied to the Service Zone This is for users who are not assigned to any group such as users who access the network using Walled Garden Each group can set its own group policy Group policy overrides global Service Zone policy Tag based Service Zone Service Zone Name Default 521 SA2 523 5 4 S25 SzG 326
152. ial my default connector Current None Local rea Network LAN settings LAM Settings do not apply bo dial up connections LAN Settings Choose Settings above For dial up settings 3 When the Welcome to the New Connection New Connection Wizard Wizard window appears click Next Te to the New Connection Zar This wizard helps you Connect to the Internet Connect to a private network such as pour workplace network Set up a home or small office network To continue click Mest 4 Choose Connect to the Internet and then New Connection Wizard A Hetwork Connection Type click Next What do you want to do Connect to the network at my workplace Connect to a business network using dial up or VPN 20 you can work from home a held office or another location Set up a home or small office network Connect to an existing home or small office network or set up a new one Set up an advanced connection Connect directly to another computer using Your senal parallel or infrared port or set up this computer so that other computers can connect bo i Tele 188 IAC3000 User s Manual 5 Choose Set up my connection manually and heehee it then click Next sel MO A The wizard i preparing to set up pour Internet connection How do you want to connect to the Internet nternet service providers ISPs er ol a pour account name password
153. ice Zone 1 for Guests Assume that LAN1 is assigned to the Service Zone 1 SZ1 for Guests Click the System Configuration menu and select the Service Zones tab Click Configure of SZ1 Service Zone Settings Configuration Wizard Service Zone Settings System Information Semice WLAN Applied Default Zone PortMap SSID Encryption ci Authentication Status Details gt Name cds gi WANT Configuration ODA e m Default 300 None Policy1 Serveri Enable WAN2 Configuration _ _ _ _ 0 WAN Traffic Settings GA ee sz1 ODO 300 None Policy1 Serverd Disable 0 1 LAN Port Mapping Ona e ap 522 300 None Policy 1 Server 1 Disable Configure a va 0 2 Step 2 Configure Basic Settings for SZ1 164 IAC3000 User s Manual Check the Enable radio button of Service Zone Status to activate SZ1 Enter a name for SZ1 e g Guest in the Service Zone Name field Mel 59 Logout JH GOM IAC3000 Internet Access Controller OIE WWW NE COMIN COM 3U 7 User 1 f AP Network y Authentication Management Configuration a Service Zone Settings Configuration Wizard ne Basic Settings C oe Service Zone Status Enable Disable WAN1 Configuration Service Zone Name Guest WAN Configuration Operation Mode NAT O Router eu 7 Sm Network Settings IP Address 192 168 311 WAN Traffic Settings l Subnet Mask 255 255 255 0 LAN Port Mapping O Disable DHCP Serve
154. ime server Since this interface does not support manual setup for its internal clock therefore we must reset the internal clock through the NTP Print the kernel ring buffer It is used to examine or control the kernel ring buffer The program helps users to print out their boot up messages instead of copying the messages by hand Main menu Go back to the main menu 203 IAC3000 User s Manual Change admin password Besides supporting the use of console management interface through the connection of null modem the system also supports the SSH online connection for the setup When using a null modem to connect to the system console we do not need to enter administrator s password to enter the console management interface But connecting the system by SSH we have to enter the username and password The username is admin and the default password is also admin which is the same as for the web management interface Password can also be changed here If administrators forget the password and are unable to log in the management interface from the web or the remote end of the SSH they can still use the null modem to connect the console management interface and set the administrator s password again Caution Although it does not require a username and password for the connection via the serial port the same management interface can be accessed via SSH Therefore we recommend you to immediately change the IAC3000 A
155. in screen the reasons may be 1 The PC is set incorrectly so that the PC can t obtain the IP address automatically from the LAN port 2 The IP address and the default gateway are not under the same network segment Please use default IP address such as 192 168 30 xx in your network and then try it again For the configuration on PC please refer to Appendix F IAC3000 supports three kinds of account interface You can log in as admin manager or operator The default username and password as follows Admin The administrator can access all area of the lAC3000 User Name admin Password admin NEILOMM i IAC3000 Internet Access Controller WWW ECCOINNT COUN AU Welcome To Administrator Login Page Please Enter Your User Name and Password To Sign In User Name Password TINT TIS EIR Ta TS ES ST Ez cog X Logout Netcom 1AC3000 Internet Access Controller OIE WWW NE COMIM COM IYU ren User AP Network Configuration Authentication Management Configuration _ _ eee Welcome to System Administration This Administrative Web Interface allows you to set various networking parameters to customize network services to manage user accounts and to monitor user status Functions are separated into 6 main categories System Configuration User Authentication AP Management Network Configuration Utilities and Status MEDID 14C3000 Inter
156. individual rules and then click Apply to save the settings The rule status will show on the list Check the Active check box and click Apply to enable that rule This link leads to the Firewall Rules page Rule No 1 has the highest priority Rule No 2 has the second priority and so on Each firewall rule is defined by Source Destination and Pass Block action Optionally a Firewall Rule Schedule can be set to specify when the firewall rule is enforced It can be set to Always Recurring or One Time Ho Ima Active d Policy 1 Firewall Rules l IPSec Source Encrypted l Action Name Service Schedule z 2 BE Destination Encrypted ANY Block ALL Always ANY ANY Block ALL Always ANY Below depicts an example of selecting Filter Rule Number 1 84 IAC3000 User s Manual Policy 1 Edit Filter Rule Rule Item 1 Rule Name po Source Destination Interface ALL wt Interface ALL Subnet Mask Subnet Mask tame O tame O MAC Address Service ALL ka Schedule Always Recurring One Time Action O Block O Pass o Rule Item This rule number of the selected rule Rule No 1 has the highest priority Rule No 2 has the second priority and so on o Rule Name The rule name can be changed here o Source Destination Interface Zone There are choices of ALL WAN1 WAN2 Default and the Service Zones to be applied to the traffic interface o Source Destination IP Address Domain Name Enter the source and
157. ion SIP Interface Configuration Enabled WAN Interface WAN The system provides SIP proxy functionality which allows SIP clients to pass through NAT When enabled all SIP traffic can pass through NAT via a fixed WAN interface The policy route setting of SIP Authentication must be configured carefully because it must cooperate with the fixed WAN interface for SIP authentication SIP Transparent Proxy can be activated in both NAT and Router mode SIP Authentication must support in either mode For users logging in through SIP authentication a policy can be chosen to govern SIP traffic The policy s login schedule profile will be ignored for SIP authentication Specific route and firewall rules of the chosen policy will be applied to SIP traffic 3 Service Zone Settings Authentication Settings 39 IAC3000 User Manual Authentication Settings Authentication Status Enable Disable Server 1 LOCAL local a Server POP3 pop3 Authentication Options serer3 RADIUS radius O Server 4 LDAP Idap O SndemandU ONDEMAND ondemand SIP SIP N A Login Page Configure Logout Page Configure Login Success Page Configure Custom Pages Login Failed Page Configure Login Success Page for On demand User Configure Logout Success Page Configure Logout Failed Page Configure Group Permission for this Service Zone Configure Default Policy in this Service Zone Policy1 Edit System Policies Email Message for Login Remin
158. ion settings for the associated WDS Tree e WDS Update Update the WDS connection with the following operations gt Add Add anew WDS connection with a Child AP not in the WDS and a Parent AP from the AP List A new WDS Tree will be added if the selected Parent AP is not in any of the current WDS Trees Clicking Edit is to change the WDS connection settings for the new added WDS Tree gt Move Update a WDS connection with a Child AP from WDS and a Parent AP which could be anyone from WDS and the previous WDS connection of the Child AP to the previous Parent AP will be deleted gt Delete All the WDS connections of the selected AP will be deleted including the WDS connections to its Child APs and the Child APs without wired connection will become unreachable 104 IAC3000 User s Manual 4 4 Network Configuration This section includes the following functions Network Address Translation Privilege List Monitor IP List Walled Garden List Walled Garden Ad List Proxy Server Properties Dynamic DNS IP Mobility and VPN Configuration Network Configuration Network Address Translation Network Configuration Privilege List Network Address IAC3000 provides 3 types of network address translation DMZ Translation Demilitarized Zone Public Accessible Server and IP Port Redirect System provides Privilege IF Address List and Privilege MAC Address a List System will NOT authenticate those listed devices Wal
159. irmware Upgrade Update lAC3000 firmware Network Utilities Restart Restart the system Some network utilities such as Wake on LAN web based Ping and Network Utilities ARP table are supported by the system 121 IAC3000 User s Manual 4 5 1 Change Password AC3000 supports three accounts with different access privileges Choose to log in as admin manager or operator The default password and access privilege for each account are as follow Admin The administrator can access all configuration pages of the AC3000 User Name admin Password admin Manager The manager can only access the configuration pages under User Authentication to manage the user accounts but has no permission to change the settings of the profiles for Firewall Specific Route and Schedule User Name manager Password manager Operator The operator can only access the configuration page of Create On demand User to create and print out the new on demand user accounts User Name operator Password operator Change Admin Password Old Password New Password S verify Password a Change Manager Password a Change Operator Password The administrator can change the passwords here Please enter the current password and then enter the new password twice to verify Click Apply to activate this new password Caution If the administrator s password is lost the administrator s password still can be changed through the text
160. ividual Maximum Unlimited E Downlink Indruidual Request Downlink Group Total Uplink Unlimited Indraidual Maximum a peer Unlimited Uplink Individual Request aed None ww Uplink o Traffic Class A Traffic Class can be chosen for a Group of users There are four traffic classes 76 IAC3000 User s Manual Voice Video Best Effort and Background Voice and Video traffic will be placed in the high priority queue When Best Effort or Background is selected more bandwidth management options such as Downlink and Uplink Bandwidth will appear o Group Total Downlink Defines the maximum bandwidth allowed to be shared by clients within this Group o Individual Maximum Downlink Defines the maximum downlink bandwidth allowed for an individual client belonging to this Group The Individual Maximum Downlink cannot exceed the value of Group Total Downlink o Individual Request Downlink Defines the guaranteed minimum downlink bandwidth allowed for an individual client belonging to this Group The Individual Request Downlink cannot exceed the value of Group Total Downlink and Individual Maximum Downlink o Group Total Uplink Defines the maximum uplink bandwidth allowed to be shared by clients within this Group o Individual Maximum Uplink Defines the maximum uplink bandwidth allowed for an individual client belonging to this Group The Individual Maximum Uplink cannot exceed the value of Group Total Uplink o Individual Request Uplink
161. k 255 255 255 0 Default Gateway 192 168 30 1 Primary DNS 192 168 30 1 gt Wireless LAN Click Wireless LAN to enter the Wireless interface The data of Properties and Security need to be filled Wireless SSID Broadcast Enabled Channel Band 802 11b 802 11g Data Rate Fragment Threshold 7345 Default 2348 Range from 258 to 2348 RTS Threshold 7346 Default 2348 Range from 1 to 2348 100 Default 100 Range from 100 to 500 Beacon Interval ms Preamble Long Only Transmit Power Wireless O05 WMM Wireless Client Isolation lAPP Properties e SSID Broadcast Select this option to enable the SSID to broadcast in the network When configuring the network it s suggested to enable this function but also make sure to disable it when finished With this enabled someone could easily obtain the SSID information with the site survey software and get unauthorized access to an individual s network With this disabled to increase network security and prevent the SSID from being seen on networked e Channel Select the appropriate channel from the list to correspond with the network settings e Wireless b g Mode There are 3 modes to select from 802 11b 2 4G 1 11Mbps 802 11g 2 4G 54Mbps and 802 11b 802 11g b and g 94 IAC3000 User s Manual Data Rate The default is Auto Available range is from 1 to 54Mbps The rate of data transmission should be set depending on the speed of
162. l Profile hal Specific Route Profile Maximum Concurrent A a ad 500 Sessions per User e Select Policy Select Global to set the Firewall Profile Specific Route Profile and Privilege Profile e Firewall Profile Global policy and each policy have a firewall service list and a set of firewall profile which is composed of firewall rules e Specific Route Profile The default gateway of WAN1 WAN2 or a desired IP address can be defined in a policy When Specific Default Route is enabled all clients applied this policy will access the Internet through this default gateway e Maximum Concurrent Sessions Set the maximum concurrent sessions for each client 80 IAC3000 User s Manual gt Firewall Profile Click Setting for Firewall Profile The Firewall Configuration will appear Click Predefined and Custom Service Protocols to edit the protocol list Click Firewall Rules to edit the rules O Global Policy Firewall Configuration Predefined and Custom Service Protocols Firewall Rules Predefined and Custom Service Protocols There are predefined service protocols available for firewall rules editing The administrator is able to add new custom service protocols by clicking Add and delete the added protocols with Select All and Delete operations This link leads to a Service Protocols List where the administrator can defined a list of service by protocols TCP UDP ICMP IP No 10 Name ALL ALL TCP ALL UDP ALL
163. l website as well as AC3000 2 1 Refund a completed payment and remove the on demand account generated on l AC3000 1 To refund a payment please log in PayPal gt gt Click History gt gt Locate the specific payment listing in the activity history log gt gt Click Details of the payment listing gt gt Click Refund Payment at the end of the details page gt gt Type in information Gross Refund Amount and or Optional Note to Buyer gt gt Click Submit gt gt Confirm the details and click Process Refund 2 To remove the specific account from lAC3000 please log in lAC3000 User Authentication gt gt Authentication Configuration gt gt Click the server On demand User gt gt On demand Account List gt gt Click View gt gt On demand Account List gt gt Click Delete on the record with the account ID Click Delete All to delete all users at once On demand Account List Username Password Remaining Quota Status Remark Delete All pre Skffvydv 2 hris Normal Delete 2 2 Find the username and password for a specific customer 1 To find the username please log in PayPal gt gt Click History gt gt Locate the specific payment listing in the activity history log gt gt Click Details of the payment listing gt gt Username can be found in the Item Title field 2 To find the password associated with a specific username please log in I AC3000 User Authentication gt gt Authentication Configuration gt gt Click
164. led Garden List system can monitor up to 40 network devices online status with an z z Monitor IP List option to add them as public access servers via HTTP or HTTPS Even under NAT mode after added the devices as public access servers the devices can be accessed by clicking the hypertext _Proxy Server Properties Up to 20 hosts URL could be defined in Walled Garden List Clients i Ga List p to osts cou i ah inn AM n alled Garden List Clients may access these URL without authentication l LI o 70 y i yo co Ae OT di fp un Gard iT ji Walled Garden AD List p to 10 ee ci ey HE aa in lud Garden Ad List i IP Mobilit Clients may access these URL without authentication IAC3000 supports up to 10 external proxy servers Proxy Server Tae S eats gees a VPN Configuration Pr ti system can redirect traffic to external proxy server into built in proxy Server Dynamic DNS 1453000 supports dynamic DNS DONS feature IP Mobility system supports IP PNP Configuration Local VPN an IPSec tunnel can be established between the system and the client located at the LAN side Remote VPN a PPTP tunnel can be established between the system and the remote user over the Internet Site to Site VPM an IPSec tunnel can be constructed to be used to connect to other IPSec capable device over the Internet VPN Configuration 105 IAC3000 User s Manual 4 4 1 Network Address Translation There are
165. lete check box and then click the Delete button to remove that user from the black list Black List Configuration Select Black List 1 Blacklistl Name Blacklist User Remark James Hacker 75 IAC3000 User s Manual 4 2 3 Group Configuration There are 8 groups to choose from Local users can be classified by applying Group options A Group which is allowed to access a Service Zone can be applied with a Policy within this zone The same Group within different Service Zones can be applied with different Policies as well as different Authentication Options Group Configuration Group 1 Select Group QoS Profile Privilege Profile Zone Permission Configuration Policy Assignment Group 1 Name Enabled Policy Edit Group Permission Service Zone Default Policy 1 Default Service Zone Guest Policy 1 Guest Service fone F i Bane Policy1 Employee x s CI P 1 Cr Ps tal Service Zone 523 Policy 1 w service Zone 74 Policy1 x co J CT Service Zone 525 Policy 1 x oo Le Service Zone 526 Policy 1 x 0 Service Zone SZT Policy 1 x Service Zone 28 Policy1 E Ps oo Remote WEN x Policy 1 Remote VPN e Group Configuration Group 1 gt QoS Profile Set parameters for traffic classification Group 1 Traffic Configuration Traffic Class BestEffat Group Total Downlink Unlimited Ind
166. ling comma must be retained When adding user accounts by uploading a file existing accounts inthe embedded database that are also defined in the data file will not be replaced by the new ones Note 2 f you want user Enabled Local VPN please set IPSec field to 1 or 0 would disable Note 3 Only 0 97 A Z ae Zz and _ are acceptable for password field Upload User Account O mm ree S J Upload The uploading file must be a text file and each line should contain the following information in this specific order Username Password MAC Address Applied Group Remark and Enable Local VPN No spaces are allowed between fields and commas The MAC field can be omitted but the trailing comma must be retained When adding user accounts by uploading a file the existing accounts in the embedded database will be remained but not replaced by new ones Local VPN Enabled Username Password MAC Address 1 enable 0 disabled aser3 iser3 00 00 00 00 00 00 8 user3 Applied Group Remark Download User Use this function to create a txt file with all built in user account information and then save it on disk Users List Group Username Password MAC Local VPN Enabled Remark 0 test test 0 test Download SO Search Enter a keyword of a username to be searched in the text filed and click this button to perform the search All usernames matching the keyword will be listed 48 Username Password r q test MAC
167. lose this wizard you can connect to the Internet at any time by double clicking the Internet Explorer icon on your desktop e O To connect to the Internet immediately select this box and then click Finish To close the wizard click Finish SEE Tools Help ay amp Control Panel File Edit View Favorites Qu Address G Control Panel w pa Search Kea Folders EEE E a AA e B 2 Accessibility Add Hardware Add or Administrative Date and Time Options Remov Tools Internet Options va Control Panel a Switch to Category View See Also Game Controllers Display Folder Options Fonts gt T e 2 A Keyboard Network Connections 8 Printers and Regional and Scanners and Faxes Language Cameras yg Y e e Speech System Taskbar and User Accounts YMware Tools Y Windows Update O Help and Support Phone and Modem Mouse Power Options O Sounds and Audio Devices Scheduled Tasks IAC3000 User s Manual 2 Choose the Connections tab and then click Internet Properties Setup General Security Privacy Content Connections Programs Advanced e To set up an Internet connection click Setup Dial up and Virtual Private Network settings Remove Choose Settings iF you need to configure a proxy Settings server For a connection Never dial a connection Dial whenever a network connection i not present Always d
168. ltiple Service Zones in either of the two VLAN modes Port Based or Tag Based but not concurrently In Port Base mode each LAN port can only serve traffic from one Service Zone as each Service Zone is identified by physical LAN ports In Tag Based mode each LAN port can serve traffic from any Service Zone as each Service Zone is identified by VLAN tags carried within message frames By default the system is in Port Based mode with Default Service Zone enabled and all LAN ports are mapped to Default Service Zone Compare the two figures below to see the differences Service Zone Port Role Setting Select Service Zone Mode Port Based O Tag Based Choice Of Port Role LANS LA ANG LAN LANE LANA LANZ LAN3 LAM4 i xDSL Coble ISP1 xDSL Coble y ISP 1 Modem y a Modem WANI WANI gt gt loyer2 Switch E A Loyer switch A VAN switen io ti z i Service Zone VLAN Service Zone VLAN Service Zone VLAN Service Zone VLAN for Staff for Guests for Stati for Guests Port Based Tado Based It is recommended that the administrator decides which mode is better for a multiple service zone deployment before proceeding further with the system configuration Settings for the two VLAN modes are slightly different for example the VLAN Tag setting is required for Tag Based mode 33 IAC3000 User Manual e Select Service Zone Mode Select a VLAN mode either Port Based or Tag Based Service
169. lue Enter lt input type reset names clear value Clear gt lt form 2 Custom Pages gt gt Logout Page The administrator can apply their own logout page in the menu As the process is similar to that of the Login Page please refer to the Login Page gt gt Uploaded Page instructions for more details Upload Logout Page Service Zone Default Existing Image Files Total Capacity 512 K Now Used 0 K Upload Image Files Service Zone Default Preview Note The different part is the HTML code of the user defined logout interface must include the following HTML code that the user can enter the username and password After the upload is completed the customized logout page can be previewed by clicking Preview at the bottom of this page If restore to factory default setting is needed for the logout interface click the Use Default Page button lt form action usertogout shtmi metho post name E nter gt lt input type text name nwyusemame gt lt input type pa ssword name hw pas saord gt lt input type submit na me submit value L ogout gt lt input type reset name clear value Clear gt lt forme 3 Custom Pages gt gt Login Success Page The users can apply their own Login Success page in the menu As the process is similar to that of the Login Page please refer to the Login Page instructions for more details 214 IAC3000 User s
170. n password of the user Remaining Quota The remaining time or volume that the user can continue to use to access the network Status The status of the account gt gt gt gt gt Normal the account is not currently in use and also does not exceed the quota limit Online the account is currently in use Expired the account is not valid any more even there is remaining quota to be used Out of Quota the account has exceeded the quota limit Redeemed the account has been applied for account renewal Remark The remark added by the operator at the time of ticket creation Delete All This will delete all the users at once Delete This will delete the users individually T2 4 2 1 7 IAC3000 User Manual SIP The system provides SIP proxy for SIP clients devices or soft clients pass through NAT After enable SIP proxy server all SIP traffic can pass through NAT with a selective but fixed WAN interface Administrator will be able to add up to four trusted SIP Registrars A group can be chosen to govern SIP traffic Authentication Server SIP IP Address Group iv Group selection applied to clients login with SIP authentication e SIP SIP authentication supports 4 Trusted SIP Registrar e IP Address The IP address of the Trusted SIP Registrar e Remark The administrator can enter extra information in this field for remark e Group A Group option can be applied to the clients who
171. n the users information History The email address to which the traffic history or user s traffic history Email To l information will be sent me NTP Server The network time server that the system is set to align Time DateTime The system time is shown as the local time Idle Timer The minutes allowed for the users to be inactive before their account lied expires automatically Multiple Login Enabled disabled stands for the current setting to allow disallow multiple logins form the same account Preferred DNS Se IP address of the preferred DNS Server Alternate DNS IP address of the alternate DNS Server 129 IAC3000 User s Manual 4 6 2 Interface Status This section provides an overview of the interface for the administrator including WAN1 WAN2 SZ default 8 en Interface Status Interface Status MAC Address 00 60 64 27 14 97 WAN1 IP Address 172 17 1 170 Subnet Mask 255 255 0 0 WAN Disabled WAN1 WAN2 Packets In 29317 A 3962 0 A0 Packets Out 4455 A 4097 D A 0 Bytes In 17865152 A 1147121 O A 0 Bytes 527786 4 489503 D A 0 Mode NAT MAC Address 00 60 64 27 14 95 Service Zone Default IP Address 192 168 30 1 Subnet Mask 255 255 255 0 Status Enabled WINS IP Address NA Service Zone Default a see ane DHCP Server Start IF Address 192 168 30 2 End IP Address 192 168 30 100 Lease Time 1440 Min s Service Zone 521 Disabled Service Zone 78 Disabled 130 IAC3000 User s Manual
172. net Access Controller _ WWW Netcom COM 2U Manager The manager can access the area under User Authentication to manage the user account but no permission to change the settings of the profiles of Firewall Specific Route and Schedule User Name manager Password manager Mef LOM i IAC3000 Internet Access Controller WWW NE COMIN COM 3U Welcome To Administrator Login Page Please Enter Your User Name and Password To Sign In rv User Name manager Password ES EeSaESSSSSTASESEESEEEISTESESSTESIESESISSLSSERLE EIST ERIE Or ca tee Ea EE Gateway o eS a L AP h System Configuration Authentication Configuration Black List Configuration Group Configuration o ooo ooo Policy Configuration Authentication Configuration Management Configuration Black List Configuration Configuration Group Networ Utilities Status User Authentication User Authentication Each server allows only one type of authentication method and one Black List Profile System supports the following external authentication servers POP3 S RADIUS LDAP NT Domain and SIP System supports 5 Black List profiles for used within the authentication server On demand users are NOT bounded by the Black List 8 sets of group profiles can be define and used to enforce the access control for different groups of users A policy can be selected to apply to a group of users
173. net Mask of the WAN2 port gateway boots up The delta shows the difference between the numbers from last time this Interface Status page is visited End IP address The end IP address of the DHCP IP range Subnet Mask The Subnet Mask of the default SZ 131 IAC3000 User s Manual 4 6 3 Routing Table All the Policy Route rules and Global Policy Route rules will be listed here Also it will show the System Route rules specified by each interface Se wy Subnet Mask Gateway sumama Owy Destination Subnet Mask Mask Gateway Iterface Subnet Mask Gateway sumama RE Destination Subnet Mask Mask ss Interface Destination Subnet Mask Mask ss Interface 2 UE Subnet Mask Gateway sancti Ps Destination Subnet Mask Mask ss Interface te ay Subnet Mask Gateway ey ey Subnet Mask Gateway A 10 Destination Subnet Mask Mask ss Interface ETT Policy Destination SubnetMask Mask Interfaces System Destination Subnet Mask Gateway Interface 192 168 30 0 255 255 255 0 0 0 0 0 Default 172 17 0 0 255 255 0 0 0 0 0 0 WAN 0 0 0 0 0 0 0 0 172 17 1 1 WAN 132 IAC3000 User s Manual Policy 1 12 Shows the information of the individual Policy from 1 to 12 Global Policy Shows the information of the Global Policy System Shows the information of the system administration gt Destination Th
174. network and without being authenticated Up to 20 addresses or domain names of the websites can be defined in this list Users without the network access right can still have a chance to experience the actual network service free of charge Enter the website IP Address or Domain Name in the list and these settings will become effective immediately after clicking Apply Walled Garden List Item Address ltem Address The Walled Garden Ad list provides enables the display of the free websites in Walled Garden List to be shown in the subscriber login page 111 Walled Garden Ad List URL Topic Description httpvwww netcomm com au Hospitality Solution NetComm Limited Official Website EE Walled Garden Ad List Walled Garden Ad List Item 1 URL http www netcomm com au Topic Hospitality Solution Description NetComm Limited Official Website Edit Display m Edit BEBE m n Edit E E oo Edi Edit d L CI d d d d L d E CA IAC3000 User s Manual Up to 10 addresses or domain names of the websites can be entered and displayed in the subscriber login page Click on Edit and enter the website IP address or Domain Name Topic and Description in the list then click Apply To make the Walled Garden Ad List active please check the box named Display and click Apply An example of the subscriber login page is shown as follows 112 IAC3000 User s Manual
175. nt The right choice for your online business Accept all payment types for low fees Do business under a company or group name Learn more Forgot your email address Member Log In Forgot your password Step 2 Edit necessary settings in Website Payment Preferences Click Profile gt gt Click Website Payment Preferences in the Selling Preferences section PayPal Log Out Help Security Center My Account Send Money Request Money Merchant Tools Auction Tools Overview Add Funds Withdraw History Resolution Center Profile Summary To edit your Profile information please click on a link below Account Information Financial Information Selling Preferences Email Credit Cards Auctions Street Address Bank Accounts Regional Tax Phone Currency Balances Shipping Calculations Password Gift Certificates Payment Receiving Notifications Monthly Account Statements Preferences Multi User Access Preapproved Payments Instant Payment Notification Preferences API Access m tot eputation Business Information f Customer Service Message Close Account Seller Eligibility for PayPal Buyer Protection Encrypted Payment Settings Custom Payment Pages Invoice Templates Language Encoding Administrators should scroll down to edit each setting as shown in the table below To activate all the changes please click Save at the end of the page 154 Auto Return On Return URL Redirect Webpage Type http www www com or other URL
176. nts cannot be created by clicking Create button Please goes back to Billing Plans to active at least one Billing plan by clicking Edit button and Apply the setting to activate the plan The printer used by Print is a pre configured printer connected to the administrator s computer On demand Account Creation Plan Type Quota Price Status Function 1 Time 1 hr s 2 min s 2 Enabled 2 Time 12 hr s 3 99 Enabled 3 Volume 500 Mbyte s 5 Enabled 4 NVA NA NIA Disabled 5 M A MA MA Disabled 6 NA PLA NA Disabled T NA PLA PLA Disabled a NA PLA PLA Disabled g M A MA MA Disabled 0 NVA NWA NIA Disabled e Plan The number of a specific plan e Type Show one type of the plan in Time Volume or Cut off e Quota The Time Volume is how long the on demand user is allowed to access the Internet e Price The unit price of each plan 70 IAC3000 User Manual Status Show the status in enabled or disabled Function Press Create button for the desired plan You can add an operator s remark and press the Create button again An On demand user account will be created and then click Printout to print a receipt which will contain this on demand user s information On demand Account Creation Plan Type Quota Price Status Function 1 Time 2 hrs 0 mins 20 Enabled 2 Volume 100 Mbyte s 15 Enabled 3 NIA NIA NIA Disabled Create 4 NIA N A N A Disabled Create 5 NIA NIA N A Disabled Create
177. oint devices Furthermore IAC3000 introduces the concept of Service Zones multiple virtual networks each with its own definable network policy This is very useful for hotspot owners seeking to provide different customers or staff with different levels of network services The following diagram is an example of IAC3000 set to manage the Internet and network access Mobile Worker VPN Built in sss External Mail Account Authentication Server Database F Server Modem BB Web ISPI Ear pe a services at a hotspot venue j erne ae ont Balancing VPN E DOR Hd A Switch FR iir Me gt A Switch Switch lt p A Wireless Wired VPN VPN DMZ Zone VPN ven RYPN gt nf Pr VPN lt gN A Wi Fi Phone PDA 2 Wi Fi Phone a PDA Branch Office for Visitors Employee Working Area Conference Room Reception Area An example of typical SMB network deployment IAC3000 User Manual 2 3 Capacity and Performance Capacity and Performance IAC3000 Concurrent Users Local Accounts 1000 On demand user Accounts 2 000 12 Managed Access Points NP725 Monitored 3rd Party Access Points VPN Termination Tunnels VPN 3DES DES Throughput Chapter 3 Base Installation 3 1 Hardware Installation 3 1 1 System Requirements gt Standard 10 100BaseT network cables with RJ 45 connectors gt All PCs need to install the TCP IP network protocol 3 1 2 Package Contents
178. olicy Mapping function will be available to let the administrator assign a policy for a RADIUS Class attribute When the type of database is LDAP a policy is applied to user group defined an attribute value pair The Attribute Policy Mapping function will be available to let administrator assign a policy for a LDAP Attribute When the type of database is SIP the Policy selection function will be available to let the administrator assign a policy for all SIP users Policy Configuration Policy 1 Select Policy Policyl Firewall Profile setting Specific Route Profile Schedule Profile Setting Maximum Concurrent Sessions 300 Sessions per User e Select Policy Select a Policy for further configuration Below depicts an example of selecting Policy 1 e Firewall Profile Each Policy has a firewall service list and a set of firewall profile consisting of firewall rules e Select Policy Select Policy1 Policy12 to set the Firewall Profile Specific Route Profile Schedule Profile and Maximum Concurrent Session e Firewall Profile Each Policy has a firewall service list and a set of firewall profile consisting of firewall rules e Specific Route Profile The default gateway of WAN1 WAN2 or a desired IP address can be defined in a policy When Specific Default Route is enabled all clients applied this policy will access the Internet through this default gateway e Schedule Profile The Schedule table in a 7X24 format is used to c
179. on Status Enabled AMD PCNET Family PCI Ethernet Adapter la Displays the properties of the selected connection Local Area Connection Properties q Md General Connect uzing BS AMD PENET Family PEI Ethernet Adapter Components checked are used by this connection Description Transmission Control Protocolelnmterniet Protocol The default wide area network protocol that provides communication across diverse interconnected networks Show icon in taskbar when connected Internet Protocol TCP IP Properties General You can get F settings assigned automatically if your network supports thi capability Othenwise you need to ask your network administrator for the appropriate IP settings IP address Subnet mask Dehaull gateway Obtain DNS server address automatically Use the following DNS server addresses Advanced _ ee Aa gt cerca Ak Prefered DNS server Alternate WAS server IAC3000 User s Manual 5 Using Specific IP Address If you want to use a specific IP address acquire the following information from the network administrator the P Address Subnet Mask and DNS Server address provided by your ISP and the Gateway address of IAC3000 Note If your PC has been set up completed please inform the network administrator before proceeding to the following steps 5 1 Choose Use the following IP address and Mii UA ABEL
180. on created by users and tracking the source IP and destination IP If Syslog is enabled Session Log will be sent to the Syslog server automatically during every defined interval in Session Log email notification Session Log allows uploading the log file to a FTP server periodically The maximum log file size is 256K The log file will be sent to the FTP server once the file size reaches its maximum size or periodical time interval 139 IAC3000 User s Manual 4 7 Help On the screen the Help button is on the upper right corner Click Help to the Online Help window and then click the hyperlink of the items to get the information Online Help Overview system Configuration Configuration Wizard system Information WAN1 Configuration WAN2 Configuration WAN Traffic Settings LAN Port Mapping Service Zones User Authentication Authentication Configuration Authentication Server Configuration Auth Method Local Auth Method POP3 Auth Method RADIUS Auth Method LDAP Auth Method NT Domain Auth Method ONDEMAND Auth Method SIP Black List Configuration Group Configuration Policy Configuration Additional Configuration 140 IAC3000 User s Manual AP Management AP List AP Discovery AP Discovery Background AP Discovery Discovered AP List Manual Configuration Template Settings Template Editing Firmware Management AP Upgrade WDS Management Network Configuration Network Address Translation Privileg
181. ontrol the clients login time When Schedule is enabled clients applied policies are only allowed to login the system at the time which is checked in the applied policy e Maximum Concurrent Sessions Set the maximum concurrent sessions for each client 83 IAC3000 User s Manual gt Firewall Profile Click Setting for Firewall Profile The Firewall Configuration will appear Click Predefined and Custom Service Protocols to edit the protocol list Click Firewall Rules to edit the rules O Policy 1 Firewall Configuration Predefined and Custom Service Protocals Firewall Rules Predefined and Custom Service Protocols This link leads to a Service Protocols List where the administrator can defined a list of service by protocols TCP UDP ICMP IP There are predefined service protocols available for firewall rules editing The administrator is able to add new customized service protocols by clicking Add and delete the added protocols by clicking Delete Ho 10 Name ALL ALL TCP ALL UDP ALL ICMP FTP Policy 1 Service Protocols List Description ALL TCP Source Port 0 65535 Destination Port 0 65535 UDP Source Port 0 65535 Destination Port 0 65535 ICMP Type Any Code Any TCP UDP Destination Port 20 21 TCP UDP Destination Port 80 TCP UDP Destination Port 443 TCP Destination Port 110 TCP Destination Port 25 UDF Destination Port 67 68 Firewall Rules Click on the hyperlink in the No column to edit
182. or disabled here as needed gt Client s Purchasing Record Starting Invoice Number An invoice number may be provided as additional information with a transaction The number will be incremented automatically for each following transaction Click the Change the Number checkbox to change it Description Item Name This is the item information to describe the product for example Internet Access Email Header Enter the information that should appear in the header of the invoice 64 IAC3000 User Manual Authorize Net Payment Page Fields Configuration Authorize Net Payment Page Remark Content Authorize Net Payment Page Fields Configuration Displayed Text Credit Card Number Credit card Expiration credit Card Expiration Date z Date Card Type Card Type V Visa 4 American Express Master Card Discover A b b Credit Card Number Card Code E mail L Customer ID First Mame Last Name Company lv Address City State w Fin Country Phone F ax Address ity a ONS WSN Te a a LM SHS Si eilsila Sill zI ll Slo uu ou mu oO a if al a lc a om o z T o ro H H H H H H H H D ci PJ qu a D oO C an ro H H 4 H H Authorizie Net Payment Page Remark Content You must fill in the correct credit card number and expiration date Card code is the last 3 digits of the Security code located on the back of your credit card If you choose to enter y
183. ord Click Next to continue Verity Password mese A a e Step 2 Choose System s Time Zone gt Select a proper time zone from the drop down list box gt Click Next to continue NEILOMM i lAC3000 Internet Access Controller AGRI GOT AL Step 2 Choose System s Time Zone Select the appropriate time zone for the system Click Next to continue GNT 10 00 Canberra Melbourne Sydney D A 12 IAC3000 User Manual Step 3 Set System Information gt Home Page Enter authenticated to the the URL that users should be initially directed to when successfully network gt NTP Server Enter the URL of the external time server for lAC3000 time synchronization or use the default setting gt Click Next to continue NEILOMU 1403000 Internet Access Controller IRE CECACTAAD Step 3 Set System Information Enter System Information Click Next to continue Home Page http aww netcomm com au 2 9 http Mw google com NTP Server intip1 cs mu OZ ALU 2 9 tock usno navy mil Gaus Step 4 Select Connection Type for WAN Port Three are three types of WAN port to be selected from Static IP Address Dynamic IP Address and PPPOE Client Select a proper Internet connection type and click Nextto continue gt Dynamic IP Address If this option is selected an appropriate IP address and related information will automatically be assigned Click Next to continu
184. ord To Sign bn ib User Nare E Password Note The maximum session time data transfer is 24305 days 9 999 999 Mbyte If the redeem amount exceeds this number the system will automatically reject the redeem process 200 IAC3000 User s Manual Appendix G Console Interface Via this port to enter the console interface for the 2 x administrator to handle the problems and situations Port Settings occurred during operation 1 In order to connect to the console port of AC3000 a console modem cable and a terminal simulation Bits per second 9600 Y program such as the Hyper Terminal are needed l Data bits le 2 Ifa Hyper Terminal is used please set the parameters as 9600 8 n 1 Bar None YS a Stop bits 7 Flow control None Restore Defaults caca tmp Caution the main console is a menu driven text interface with dialog boxes Please use arrow keys on the keyboard to browse the menu and press the Enter key to make selection or confirm what you enter 3 Once the console port of IAC3000 is connected properly the console main screen will appear automatically If the screen does not appear in the terminal simulation program automatically please try to press the arrow keys so that the terminal simulation program will send some messages to the system where the welcome screen or main menu should appear lf the welcome screen or main menu of the console still
185. ory Default hisini iiai IP Address 192 168 25 1 in Mai Login ID admin Password admin Manual After scanning new APs will be listed in the Discovered AP List Click the desired Service Zones to add the AP to the list with selected Service Zones IP Address AP Hame Template AP Type Service Zone Add MAC Address Password Channel 192 168 30 105 admin TMLT Deau NPT25 Employes 00 60 64 27 14 1B admin Auto mi Guest 170 IAC3000 User s Manual Tag Based Service Zone VLAN tags carried within message frames An example of network application diagram is shown as below one Service Zone for Employees and another for Guests XDSL Coble comm ISP WANI Da A VLAN Switch Service Zone 1 Service Zone 2 for Guests for Employees Note The switch deployed under AC3000 in Tag Based mode must be a VLAN switch only 171 IAC3000 User s Manual e Configuration Steps for Tag Based Service Zones The following example assumes the system is in factory default status and just powered up Step 1 Set Tag Based mode Click the System menu and select the LAN Port Mapping tab Select Tag Based mode and click Apply A warning message You should restart the system to activate the changes will appear at the bottom of the page Do NOT restart the system until you have completed all the configuration steps Configuration Wizard Service Zone Port Role Setting System Information
186. our e mail address you will receive a gt Authorize Net Payment Page Fields Configuration Item Check the box to show this item on the customer s payment interface Displayed Text Enter what needs to be shown for this field Required Check the box to indicate this item as a required field Credit Card Number Credit card number of the customer The Payment Gateway will only accept card numbers that correspond to the listed card types Credit Card Expiration Date Month and year expiration date of the credit card This should be entered in the format of MMYY For example an expiration date of July September 2009 should be entered as 0709 Card Type This value indicates the level of match between the Card Code entered on a transaction and the value that is on file with a customer s credit card company A code and narrative description are provided indicating the results returned by the processor Card Code The three or four digit code assigned to a customer s credit card number found either on the front of the card at the end of the credit card number or on the back of the card E mail An email address may be provided along with the billing information of a transaction This is the customer s email address and should contain an symbol Customer ID This is an internal identifier for a customer that may be associated with the billing 65 IAC3000 User Manual information of a transaction This field may contain any format of inform
187. ps as follows Follow the instructions of Configuration Wizard to enter the required information step by step save your settings and restart IAC3000 The 6 steps of Configuration Wizard are listed below Step 1 Change Admin s Password Step 2 Choose System s Time Zone Step 3 Set System Information Step 4 Select Connection Type for WAN Port Step 5 Add Local User Account Optional Step 6 Save and Restart IAC Please follow the following steps to complete the quick configuration 1 To access the web management interface connect a PC to one of the LAN1 8 ports and then launch a browse Make sure you have set DHCP in TCP IP of your PC to get an IP address dynamically Next enter the gateway IP address of IAC3000 at the address field The default gateway IP address is http 192 168 30 1 https is also supported in I AC3000 it is used for a secured connection NetComm IAC3000 Microsoft Internet Explorer provided by NetComm Oe Av http 192 168 30 1 File Edit View Favorites Tools Help ve de inetcomm 1Ac300 The administrator login page will appear Enter admin the default username and admin the default password in the User Name and Password fields Click Enter to log in IAC3000 User Manual 77 47 74 1403000 Internet Access Controller wiv AELCONNI CONT au Welcome To Administrator Login Page Please Enter Your User Name and Password To Sign In
188. r Global Policy Specific Route Profile Destination Gateway Route Item IP Address Subnet Netmask IP Address o Route No The number of route o IP Address Destination The destination IP address of the host or the network o Subnet Netmask Select a destination subnet netmask of the host or the network o IP Address Gateway The IP address of the next router to the destination 82 IAC3000 User s Manual gt Maximum Concurrent Session for User Include Maximum Concurrent Session for User from 10 to Unlimited The concurrent sessions for each user it can be restricted by administrator Note For more information please refer to Appendix E Session Limit and Session Log 4 2 4 2 Policy 1 12 Polices can be defined in the Policy tab The administrator can select one of the defined policies to apply it to the specific authentication option All clients belong to this authentication option will be bound by this policy A policy could be applied at zone level at group level or at user level User level policy overrides group level policy Group level policy overrides zone level policy Zone level policy overrides the global policy When the type of authentication database is Local a policy is applied at per user basis When the type of database is NTDOMAIN or ONDEMAND a policy is applied to the whole user database When type of database is RADIUS a policy is mapped to a user group of a RADIUS class The Class P
189. r creian j Enable DHCP Server Start IP Address 192 168 31 2 End IP Address 192 168 31 100 Preferred DNS Server 192 168 31 1 DHCP Server Settings Alternate DNS Server Domain Name domain Step 3 Configure Authentication Settings for SZ1 Check the Enable radio button to enable Authentication Required for the Zone Check the Default button and Enabled box of Guest Users to set ONDEMAND authentication method as default Disable all other authentication options Then click Apply to activate the settings made so far A warning message You should restart the system to activate the changes will appear at the bottom of the page Do NOT restart the system until you have completed all the configuration steps Authentication Settings Authentication Status Enable Disable Auth Option aa Postfix Default Enabled Server 1 LOCAL local O O Server 2 POP3 popa O LI Authentication Options sener 3 RADIUS radius O O Server 4 LDAP Idap O O Step 4 Configure LAN Port Mapping for SZ1 Select the LAN Port Mapping tab from the System menu to enter the LAN Ports and Service Zone Mapping page Select Guests from the drop down list box of LAN1 Click Apply to save the selection 165 IAC3000 User s Manual Wireless Settings Set SSD NetComm_IAC3000 1 Open System Access Point Security L Enable 802 1 Authentication Encryption Managed AP in this S
190. r Multiple Login Preferred DNS Server Alternate DNS Server 128 IAC3000 User s Manual 7 00 00 00400 NetComm lAC3000 htip Sanww netcomim com au WAMA MANJA Disabled Disabled Disabled Disabled Disabled 3 days NJA NIA NIA NIA 2009 01 23 16 30 29 1000 10 Mints Disabled 72 77 11 4223 IAC3000 User s Manual The description of the table is as follows Current Firmware Version The present firmware version of IAC3000 System Name The system name The default is IAC3000 Home Page fire page the users are directed to after initial login success Syslog server Traffic History The IP address and port number of the external Syslog Server N A means that it is not configured Syslog server On demand User log The IP address and port number of the external Syslog Server N A means that it is not configured Enabled disabled stands for that the system is currently using the proxy server or not Enabled Disabled stands for the connection at WAN is normal or Warning of Internet Disconnection abnormal Internet Connection Detection and all online users are allowed disallowed to log in the network WAN Failover Enabled Disabled stands for the function currently being used or not Load Balancing Enabled Disabled stands for the function currently being used or not Enabled disabled stands for the current status of the SNMP management function Retained Days The maximum number of days for the system to retai
191. r s browser can be avoided in order to maintain the built IPSec VPN tunnel always alive Reasons why Internet Explorer may cause ActiveX to stop unexpectedly are as follows a The crash of Internet Explorer on running ActiveX Suggestion Please reboot client s computer once Windows service is resumed Go through the login process again 208 IAC3000 User s Manual b Terminate the Internet Explorer Task from Windows Task Manager Suggestion Do not terminate this VPN task of Internet Explorer c There are some cases of Windows messages by which the system will hint current user to 1 Close the Windows Internet Explorer 2 Click logout on login success page 3 Click back or refresh of the same Internet Explorer 4 Enter new URL in the same Internet Explorer 5 Open a URL from the other application e g email of Outlook that occupies this existing Internet Explorer All these will cause the termination of IPSec VPN tunneling if the user chooses to click Yes The user has to log in again to regain the network access Suggestion Click Cancel if you do not intend to stop the PSec VPN connection yet 6 Non supported OS and Browser Currently Windows Internet Explorer is the only browser supported by the system Windows XP and Windows 2000 are the only two supported OS along with this release 7 FAQ a How to clean IPSec client ANS Open a command prompt window and type the commands as follows
192. ration IAC3000 User Manual This section includes the following functions Configuration Wizard System Information WAN1 Configuration WAN2 Configuration WAN Traffic Settings LAN Port Mapping and Service Zones System Configuration Configuration Wizard iia cortaron gt System Information WAN Configuration WAN Configuration WAN Traffic Settings LAN Port Mapping Service Zones System Configuration This wizard will guide you through basic system setup Configure system and network related parameters system name administrator information SNMP and time zone Clients will be redirected to URL entered in the Home Page field after successful login Administrator may limit remote administration access to a specific IP address or network segments When enabled only devices with such IP address or from this network segment may enter system s administration web interface remotely Network Time Protocol NTP Server setting allows the system to synchronize its time date with external time server set up WAN interface using the connection types Static Dynamic PPTP or PPPoE set up WAN interface using the connection types None Static Dynamic or PPPoE Overall traffic control features of WAN interface such as Load Balancing WAN auto failover bandwidth management and connection detection etc A Service Zone in the system by default contains wired and wireless coverage areas in the or
193. re to update the current firmware To upload click Browse to select the file and then click Upload AP Type AP File Name File Name Checksum Preloaded Firmware Version APv2_ eb Firmware Upload Browse Upload Firmware List AP Type Version Size Actions 102 IAC3000 User s Manual 4 3 6 AP Upgrade Check the APs which need to be upgraded and select the upgrade version of firmware and click Apply to upgrade firmware AP List Upgraded New Version Upgrade 103 4 3 7 WDS Management IAC3000 User s Manual WDS Management Wireless Distribution System is a function used to connect APs Access Points wirelessly The WDS management function of the system can help administrators to setup a WDS network topology Default Settings for Newly Added WDS Tree Security Mone Channel 1 WDS Status WDS Tree Secunty Channel Refresh Interval Disable Auto Refresh No WOS operation has been done WDS Update The Parent AP of this new connection The Child AP of this new connection The Parent AP of this updated connection The Child AP of this updated connection and the connection to the previous Parent AP will be deleted The AP selected including all the Child APs of it will be deleted m cL Edit WDS Status Status shows the added APs in the WDS Tree with the Security and Channel settings The WDS could be set up more than one tree Clicking the Edit is to change the WDS connect
194. recent utility bill or other information confirming your address or to answer additional questions to help verify gt e agree O disagree 148 IAC3000 User s Manual 149 AC3000 User s Manual Step 3 Please fill out the form and Click Submitto send out this transaction There will be a confirm dialog box OOOO Rate Plan 2 hrs 0 mins 12 hrs 0 mins 600 Mbyte 2000 Mbyte Wireless Internet Access Price 4 8 4 8 Credit Card amp Contact Information Credit Card Number 45631234567890 ig Credit Card Expiration Date 1208 Card Type Card Code E mail First Name Last Name Company Address City State Zip Country Phone Fax MMYY Visa si 527 Tom Lee Fields denoted by an asterisk are required Note You must fill in the correct credit card number and expiration date Card code is the last 3 digits of the security code located on the back of your credit card If you choose to enter your e mail address you will receive a confirmation letter for your own reference Step 4 Please confirm the data and the click OK to go on the transaction or click Cancel to revise the data or cancel this transaction After clicking OK there will be another dialog box showing up to confirm this transaction again 150 IAC3000 User s Manual Microsoft
195. rio is that a proxy server is placed in the Extranet such as DMZ which all users from the Intranet or the Internet are able to access For example the following diagram shows that a proxy server of an organization in the DMZ will be used Router a Gateway ore Switch o o n il 1 2 Switch Access Point Access Point Notebook Notebook E q J Proxy Server Web Server Mail Server Caution A special scenario is that a proxy server is placed in a zone like Intranet where users can reach each other without going through the system In this case whenever any one of users in the Intranet has been authenticated and connects to the network via the proxy server other users using the same proxy setting in their browsers will be able to access the network without any authentication Therefore to stop the risk it is strongly recommended to put all proxy servers outside the Intranet 180 IAC3000 User s Manual Follow the following steps to complete the proxy configuration Step 1 Log in the system by using the admin account Step 2 Network gt gt Proxy Server gt gt External Proxy Servers page Add the IP address and port number of the proxy server into External Proxy Servers setting Click Apply to save the settings Step 3 Make sure that clients use the same proxy server settings Please also configure appropriate exceptions if there is any traffic which is not needed to go through proxy
196. rnal LDAP authentication server The system is capable of supporting two LDAP servers primary and secondary for fault tolerance Authentication Server Server 4 Server Name Its sewer name Postfix lts postfix name Black List Morne w Authentication Method LDAP w LDAP Setting Group Groupi Enable Local VPN Server Name Set a name for the authentication option by using numbers 0 9 alphabets a z or A Z dash underline _ and dot within a maximum of 40 characters All other characters are not allowed Postfix Set a postfix that is easy to distinguish e g Ldap by using numbers 0 9 alphabets a z or A Z dash underline _ and dot within a maximum of 40 characters All other characters are not allowed A postfix is used to inform the system which authentication option is used for authenticating an account e g bob MelbourneLdap or tim SydneyRadius when multiple options are concurrently in use One of authentication options can be assigned as default The postfix can be omitted only when the default authentication option is used For example if MelbourneLdap is the postfix of the default option Bob can log in with either bob or bob MelbourneLdap as his username Black List There are five sets of the black lists A user account listed in the black list is not allowed to log into the system Select one black list from the drop down list box to be applied to this specific authentication option
197. rt section of our website www netcomm com au support Note NetComm Technical Support for this product only covers the basic installation and features outlined in the Quick Start Guide For further information regarding the advanced features of this product please refer to the configuring sections in the User Guide or contact a Network Specialist MENLO a WWW Ne tCO NIM COIM QU NETCOMM LIMITED PO Box 1200 Lane Cove NSW 2066 Australia DYNALINK NZ 224b Bush Road Albany Auckland New Zealand P 02 9424 2070 F 02 9424 2010 P 09 448 5548 F 09 448 5549 E sales netcomm com au W www netcomm com au E sales dynalink co nz_ W www dynalink co nz Trademarks and registered trademarks are the property of NetComm Limited or their respective owners Specifications are subject to change without notice Images shown may vary slightly from the actual product www dynalink co nz
198. s only where they can check their 198 IAC3000 User s Manual Remaining Usage time User Login Page Welcome To User Login Page Please Enter Your User Name and Password To Sign In User Name tecifPiocal Password ses T Remember Me 3 Successful The Login Successful page appearing means IAC3000 has been installed and configured successfully Now you are connected to the network and Internet Hello you are logged in via test llocal Please click this button to Logout Login time 2009 1 27 11 40 52 Start Browsing Note When On demand accounts are used for example we use d9d5 ondemand here the system will display more information as shown below 199 IAC3000 User s Manual 4 Remaining Usage The remaining quota of this On demand account that the user can surf the Internet Hello you are logged in via d9d5 ondemand To log out please click the Logout button Remaining Usage 99M 1024K bytes Login time 2009 1 27 11 42 32 start Browsing 5 Redeem When the remaining quota is insufficient the user can add up the quota by purchasing an additional account Please enter the new username and password in the Redeem Page and click ENTER button to merge the two accounts so that there will be more quota for the original account Welcome To Redeem Page Piasso Enter Your User Name and Pasew
199. s sites to encrypt the data 118 IAC3000 User s Manual transmission Click Add A New Site Entry button to set configuration about remote VPN capable devices such as a VPN gateway Click Add A Local Entry button to set configuration about local site Remote Site Configuration Name IP Address Pre shared Key Edit Delete TPE 1 2 3 4 12345 BJ 2 3 4 5 1111 Add A Remote Site Local Site Configuration Local Subnet Local Interface Remote VPN Gateway Remote Subnet Edit Delete 192 168 1 0 24 WANT 1 2 3 4 192 168 11 0 24 192 168 2 0 WANI 2 3 4 5 192 168 4 0 24 Add A Local site Click Add A Remote Site to enter the Remote VPN Gateway page for further configuration Remote VPN Gateway IP Address fs Authentication Method Pre shared Key f Phase Proposal Encryption AES256 Y Authentication Diffie Hellman Group Cl Group 1 Cl Group 2 CI Groups IKE Life Time IKE Life Time 8h s second m minute A hour d day DPD Delay 10 second DPD Timeout 1 i fc Dead Peer Detection Remote Subnet Ho Hetrork Mask 1 OoOo 255 255 255 255 192 C1 2 OC OC Click Add A Local Site to enter the Site Information page for further configuration of local site 119 Local Interface Site Information Remote Gateway IP Address Local Subnet Remote Subnet Phase Proposal Key Life Time Rekey Perfect Forward Secrecy es fin pretix notation susini Encryption AES256 Authentication
200. s to charge Intemet access and gt gt accept payments via _ PayPal No Disable Yes Extemal Payment Gateway Make sure PayPal Business Account is opened and ready Obtain information from 1 Business Account ID PayPal com 2 Payment Gateway URL y 3 Identity Token Enable and configure the PayPal related settings No Check and retry Yes or ask for technical support Payment function via PayPal Up and running 153 IAC3000 User s Manual 1 Setting Up As follows are the basic steps to open and configure a Business Account on PayPal 1 1 Open An Account Step 1 Sign up for a PayPal Business Account and login Here is a link https www paypal com cgi bin vwebscr cmd registration run Choose H Enter Information Confirm gt Done Sign Up for a PayPal Account Anyone with an email address can use PayPal to send and receive money online What is PayPal Already have a PayPal Account Upgrade your account Personal Account Ideal for shopping online It s a free secure and fast way to send payments You can also accept bank account or PayPal balance funded payments for free and a limited number of credit or debit card payments per year for a low fee Learn more Premier Account Perfect for buying and selling on eBay or merchant websites Accept all payment types for low fees Do business under your own name Business Accou
201. safe mode Synchronize clock with NIP server Print the kernel ring buffer Main menu Se ee ee ee ee ee 2 ao ULB TR LBIBEBTBLBLEL ELE LEE ere cp CCE Cea apa ce caca caca caca acre e IB IB IBID IBIBIBIDIBIBIBL ELBE EL ELE LE LBL BIB IB IB IB IB IBIBLD A Tqqqqaqqqqqqqqqqqqqqaqqqqagqqqgqgqagqqaqaqqqaqqqqagqgqgqaqgqqaqqaqqqqaqqqqqaqqaqqqaqqaqqaqu Y VV WV Ping host IP By sending ICMP echo request to a specified host and wait for the response to test the network status Trace routing path Trace and inquire the routing path to a specific target Display interface settings It displays the information of each network interface setting including the MAC address IP address and netmask Display the routing table The internal routing table of the system is displayed which may help to confirm the Static Route settings Display ARP table The internal ARP table of the system is displayed Display system up time The system live time time for system being turn on is displayed Check service status Check and display the status of the system Set device into safe mode If the administrator is unable to use Web Management Interface via browser for the system failed inexplicitly The administrator can choose this utility and set it into safe mode which enables him to manage this device with browser again Synchronize clock with NTP server Immediately synchronize the clock through the NTP protocol and the specified network t
202. se Status System Status Display current system settings Display the current settings of all network interfaces such as WAN and service zone Interface Status List all Policy Route rules and Global Policy Route rules The System cul Table ds rules are shown Hee as well The Policy Route rule has higher Traffic History priority than the Global Policy route rule The System Route rule has the lowest priority Notification Configuration Display online user information including Username IP MAC packet Current Users count byte count and idle time Administrator may also kick out any on line user from here Display detail usage information by day A minimum of 3 days of Traffic History i history can be logged in the system The system can send various reports via up to 3 email accounts such as Monitor IP report Users log and Session Log The external SYSLOG server and FTP server are configured here Notification Configuration 127 4 6 1 System Status This section provides an overview of the system for the administrator r System Status Traffic History i Interface Status System Status System Status Current Firmware Version Build System Name Home Page SYSLOG server Traffic History SYSLOG server On demand Users Log Proxy Server Warning of Internet Disconnection WAN Failover Load Balancing SNMP Retained Days History Email To NTP Server Time Date Time Idle Timer Use
203. se arises out of events beyond NetComm s reasonable control This includes but is not limited to acts of God war riot embargoes acts of civil or military authorities fire floods electricity outages lightning power surges or shortages of materials or labour 6 The customer is responsible for the security of their computer and network at all times Security features may be disabled within the factory default settings NetComm recommends that you enable these features to enhance your security The warranty is automatically voided if 1 You or someone else use the product or attempts to use it other than as specified by NetComm 2 The fault or defect in your product is the result of a voltage surge subjected to the product either by the way of power supply or communication line whether caused by thunderstorm activity or any other cause s 3 The fault is the result of accidental damage or damage in transit including but not limited to liquid spillage 4 Your product has been used for any purposes other than that for which it is sold or in any way other than in strict accordance with the user manual supplied 5 Your product has been repaired or modified or attempted to be repaired or modified other than by a qualified person at a service centre authorised by NetComm and 6 The serial number has been defaced or altered in any way or if the serial number plate has been removed Limitations of Warranty The Trade Practices
204. security feature enables merchants to verify that the results of a transaction or transaction response received by their server were actually sent from the Authorize Net Test Mode In this mode merchants can post test transactions for free to check if the payment function works properly Service Disclaimer Content Choose Billing Plan for Authorize Net Payment Page Client s Purchasing Record 63 IAC3000 User Manual Service Disclaimer Content We may collect and store the following personal information email address physical contact information credit card numbers and transactional information based on your activities on the Internet service provided by us If the information you provide cannot be verified we may ask you to send us additional information such as your O Enable Disable 2 hrs 0 mins 0 MA Enable Disable Enable Disable ME Enable Disable Enable Disable Enable Disable Client s Purchasing Record Starting Invoice Number 00000001 dl Change the Mumber Description tem Name Internet access E mail Header Enjoy Online gt Service Disclaimer Content ME MO Y y A y a _ m S View service agreements and fees for the standard payment gateway services here as well as adding new or editing services disclaimer gt Choose Billing Plan for Authorize Net Payment Page These 10 plans are the plans configured in Billing Plans page and all previously enabled plans can be further enabled
205. server for example there is no need to use proxy server for the Default Gateway 192 168 1 254 Local Area Network LAN Settings Automatic configuration Automatic configuration may override manual settings To ensure the use of manual settings disable automatic configuration _ Automatically detect settings Use automatic configuration script po Proxy server Use a proxy server For vour LAN These settings will not apply to dial up or VPM connections Bypass proxy server Por local addresses Proxy Settings Servers Proxy address bo use La m Secure FTP Socks Use the same proxy server For all protocols Exceptions Do not use proxy server For addresses beginning with 192 168 1254 1 1 1 1 Use semicolons to separate entries Lo m 181 IAC3000 User s Manual Caution It is required that the proxy server setting of the clients match with the proxy server setting of the system Otherwise users will not be able to get the Login page for authentication via browsers and it will be shown an error page in the browser 182 IAC3000 User s Manual Appendix E Session Limit and Session Log Session Limit To prevent ill behaved clients or malicious software from using up the system s connection resources the administrator can restrict the number of concurrent sessions that a user can establish gt The maximum number of concurrent sessions
206. start IAC3000 The Setup Wizard is now complete Melom i IAC3000 Internet Access Controller EPOCA Step 6 Save and Restart IAC3000 The Setup Wizard has completed Click on Back to review or modify settings Click Restart to save the settings and restart the system to have the current settings take effect A axe e Restart When IAC3000 is restarting a Restarting now Please wait for a moment message will appear on the screen Melt i IAC3000 Internet Access Controller WWW NE COMIN COM Bl Setup Wizard Restarting now Please wait for a moment Please do NOT interrupt IAC3000 restart process until the Configuration Wizard pop up window has disappeared which indicates the restart process has been completed If all steps are done properly you can start working on the system or refer to the User Manual for advanced settings 16 IAC3000 User Manual M HH e Q Logout IH Wf 1AC3000 Internet Access Controller Help WWW NELCOMIM COM IU User AP Network _ Authentication Management Configuration Utilities Status Configuration Wizard Configuration Wizard AC3000 is a Network Access Controller with access control features ideal for hotspot small and medium business networking The wizard will guide you through the process of creating a baseline strategy Please follow the wizard step by step to configure lAC3000 00 Note For an example of user login pleas
207. supported by Windows platform Internet Explorer where Active X program is supported Authentication Method Select NT Domain from the drop down list box and click NT Domain Setting to enter the Domain Controller page The settings will take effect immediately after clicking Apply 57 IAC3000 User Manual Domain Controller Server IP frat Address Transparent Login Enabled Disabled CWindows 2000 2003 or above Server IP The IP address of the external NT Domain Server Transparent Login This function refers to Windows NT Domain single sign on When Transparent Login is enabled clients will log in to the system automatically after they have logged in to the NT domain which means that clients only need to log in once 58 4 2 1 6 IAC3000 User Manual ONDEMAND There are some deployment scenarios for example at venues such as coffee shops hotels motels restaurants etc where retail customers or casual walk in visitors want to get wireless Internet access To offer the Wi Fi access either for commercial use or for free user accounts should be able to be created upon request and account tickets receipts should also be provided Therefore On demand User is designed as the authentication option for this type of deployment scenarios Authentication Server On demand User General Settings Configure Ticket Customization Configure External Payment Gateway Contigure On demand Account Creation Create On
208. t may include parentheses or dashes to separate the area code and number Fax A fax number may be associated with the billing information of a transaction This number may be entered as all number or contain parentheses and dashes to separate the area code and number gt Authorizie Net Payment Page Remark Content Enter additional details for the transaction such as Tax Freight and Duty Amounts Tax Exempt status and a Purchase Order Number if applicable PayPal Before setting up PayPal it is required that the merchant owners have a valid PayPal Business Account Please see Appendix B Accepting Payments via PayPal for more information about setting up a PayPal Business Account relevant maintenance functions and an example for end users After opening a PayPal Business Account the merchant should find the Identity Token of this PayPal account to continue PayPal Payment Page Configuration 66 IAC3000 User Manual External Payment Gateway Authorize Net PayPal SecurePay Disable PayPal Payment Page Configuration Payment Gateway URL https www paypal com cgi binfwebscr Verify SSL Certificate O Enable Disable Currency USD U S Dollar gt PayPal Payment Page Configuration Business Account This is the Login ID email address that is associated with the PayPal Business Account Payment Gateway URL This is the default website address to post all transaction data Id
209. t when Enable DHCP Relay is enabled the IP address of clients will be assigned by an external DHCP server The system will only relay DHCP information from the external DHCP server to downstream clients of this service zone o Start IP Address End IP Address A range of IP addresses that built in DHCP server will assign to clients Note please change the Management IP Address List accordingly at System Configuration gt gt System Information gt gt Management IP Address List to permit the administrator to access the IAC3000 admin page after the default IP address of the network interface is changed o Preferred DNS Server The primary DNS server that is used by this Service Zone o Alternate DNS Server The substitute DNS server that is used by this Service Zone o Domain Name Enter the domain name for this service zone o WINS Server IP The IP address of the WINS Windows Internet Naming Service server that if 38 IAC3000 User Manual WINS server is applicable to this service zone o Lease Time This is the time period that the IP addresses issued from the DHCP server are valid and available o Reserved IP Address List Each service zone can reserve up to 40 IP addresses from predefined DHCP range to prevent the system from issuing these IP addresses to downstream clients The administrator can reserve a specific IP address for a special device with certain MAC address 2 Service Zone Settings SIP Interface Configurat
210. ta Status Remark Delete All J23 qurebbd4 2 hr s Normal Delete 0 _ ES 2 2 Refund A Settled Transaction and Remove the On demand Account Generated on IAC3000 a To refund a credit card payment please log in Authorize Net Click Virtual Terminal gt gt Select a Payment Method gt gt Click Refund a Credit Card gt gt Payment Authorization Information gt gt Type information in at least three fields Card Number Expiration Date and Amount gt gt Confirm and click Submit b To remove the specific account from I AC3000 please log in IAC3000 User Authentication gt gt Authentication Configuration gt gt Click the server On demand User gt gt On demand Account List gt gt Click View gt gt On demand Account List gt gt Click Delete on the record with the account name 2 3 Find the Username and Password for A Specific Customer Please log in Authorize Net Click Unsettled Transactions gt gt Try to locate the specific transaction record on the List of Unsettled Transactions gt gt Click the Trans ID number gt gt Click Show Itemized Order Information in the Order Information section gt gt Username and Password can be found in the Item Description 2 4 Send An Email Receipt to A Customer If a valid email address is provided an email receipt with payment details for each successful transaction will be 146 IAC3000 User s Manual automatically sent to the customer via A
211. the on demand user is still logged in the system will 59 IAC3000 User Manual update the billing notice of the login successful page by the time interval defined here Number of Tickets Print one or duplicate receipts when pressing the print button of the ticket printer which connected to serial port 2 Ticket Customization On demand account ticket can be customized here and previewed on the screen E Ticket Customization Receipt Header 1 Receipteaderz SSCS Receipteadera OSOS Receipt Footer 1 Recemtrooter OSOS Receptors sd rema OO None Background Image Default Image Uploaded Image Twin Ticket O Enable Disable Apply xX Cancel Plan Type 1 Time Quota le xx hrs xx minis Note To make a better print out ticket you may need to cofigure the browser settings for example Page Setup as well as the printer settings for example Preferences before printing out the page 60 IAC3000 User Manual e Receipt Header There are three receipt headers supported by the system The entered content will be printed on the receipt These headers are optional e Receipt Footer The entered content will be printed on the receipt This footer is optional e Background Image You can choose to customize the ticket by uploading your own background image for the ticket or choose the default image or none Click Browse to select the image file and then click upload The background ima
212. the server On demand User gt gt On demand Account List gt gt Click View gt gt On demand Account List Search for the specific username Password can be found in the same record 157 IAC3000 User s Manual On demand Users List Remaining Username Password Status Expiration Time Delete All Time Volume 200907 827 Wada KP23E564 2 hour Normal 13 13 45 Delete Note As stated by PayPal you can issue a full or partial refund for any reason and for 60 days after the original payment was sent To find the on demand account name for a specific payment click Details of the payment listing in the activity history log gt gt Username can be found in the Item Title field 2 3 Send an email receipt to a customer If a valid email address is provided an email receipt with payment details for each successful transaction will be automatically sent to the customer via PayPal To change the information on the receipt for customer please log in IAC3000 User Authentication gt gt Authentication Configuration gt gt Click the server On demand User gt gt On demand User Server Configuration gt gt External Payment Gateway gt gt Click Configure gt gt External Payment Gateway gt gt Select PayPal gt gt Go to Client s Purchasing Record section gt gt Type in information in the text boxes Invoice Number and Description Item Name gt gt Confirm and click Apply Client s Purchasing Record starting
213. three parts Demilitarized Zone Public Accessible Server and Port and IP Redirect that can be set Network Address Translation DMZ Demilitarized Zone Public Accessible Server Port and IP Redirect e DMZ The system supports up to 40 sets of Internal IP address LAN to External IP address WAN mapping in the Static Assignments The External IP Address of the Automatic WAN IP Assignment is the IP address of External Interface WAN1 that will change dynamically if WAN1 Interface is Dynamic When Automatic WAN IP Assignments is enabled the entered Internal IP Address of Automatic WAN IP Assignment will be bound with WAN1 interface Each Static Assignment could be bound with the chosen External Interface WAN1 or WAN2 There are 40 sets of static Internal IP Address and External IP Address available Enter Internal and External IP Addresses as a set After the setup accessing the WAN will be mapped to access the Internal IP Address These settings will become effective immediately after clicking the Apply button Automatic WAN IP Assignment Enable External IP Address External Interface Internal IP Address Static Assignments Item External IP Address External Interface Internal IP Address 1 s E 7 2 O gt E 106 IAC3000 User s Manual Public Accessible Server This function allows the administrator to set 40 virtual servers at most so that client devices outside the managed network can access these s
214. ting process Once the settings of two Service Zones are completed the configured result will be displayed in the Service Zone Settings page SZ1 and SZ2 are both enabled 175 IAC3000 User s Manual User 7 AP 4 Network Authentication Management Configuration Spui A Ss Service Zone Settings 4 Configuration Wizard Service Zone Settings System Information Service VLAN WLAN Appli pplied Default Zone SSID Policy Authentication Status Details Tag Encryption r Name 4 WAN1 Configuration NetCom Default mJAC3 None Policy Semert Enable Configure 4 WAN2 Configuration 000 NetCom Wan Traffic settings Guest 1111 m_JAC3 Policy 1 cd ii Enable 000 1 LAN Port Mapping NetCom etme Employee 2222 m_IAC3 Policy2 Semert Enable Configure Service Zones yetlom SZ3 3 m_lIAC3 None Policy 1 Server 1 Disable Configure Step 8 AP Discovery Select AP Discovery in AP Management Choose the AP Type the Interface port has been selected Select Factory Default in the section of Admin Settings Used to Discover If selecting manually type the range of IP address in the section Then start scanning the new APs by clicking Scan Now buiton AP Discovery AP Type NP 25 interface Y Factory Default IP Address 192 168 25 1 Login ID admin Password admin Manual Admin Settings Used to Discover scan Now After scanning new APs will be listed in the Discovered AP List
215. tion Server Name Auth Method Postfix Group server 1 LOCAL local Group 1 Server 2 POP3 pop3 Group 1 Server 3 RADIUS radius Group 1 Server 4 LDAP ldap Group 1 On demand User ONDEMAND ondemand Group 1 SIP SIP WA None e Server Name There are several authentication options supported by IAC3000 Server 1 to Server 4 On demand User and SIP Click the hyperlink of the respective Server Name to configure the authentication server e Auth Method There are different authentication methods in IAC3000 LOCAL POP3 RADIUS LDAP NTDOMAIN ONDEMAND and SIP e Postfix A postfix represents the authentication server in a complete username For example user1 local means that this user user1 will be authenticated against the LOCAL authentication database Note Concurrently only one server is allowed to be set as LOCAL or NTDOMAIN authentication method e Group An authentication option such as POP3 or NT Domain can be set as a Group with the same QoS or Privilege Profile setting For more information on Group please refer to Section 4 2 3 Group Configuration Caution After clicking Apply there will be a restart message You must click Restart to apply the settings 44 IAC3000 User Manual e Authentication Server Configuration IAC3000 provides four authentication servers and one on demand server that the administrator can apply with different policy Click on the server name to set the configuration for that particular server After
216. tween Group and Service Zone is many to many every Group can access network services via more than one Service Zone and meanwhile each Service Zone can serve more than one Group Click the hyperlink in the Edit Group Permission column to enter the Group Configuration interface which is based on the role of Service Zone to configure the relation between Group and Zone 78 IAC3000 User s Manual Group Option Enabled f Pocy Edit Group Option Group Option The name of Group options available for selection Enabled Select Enabled to allow clients of the enabled Groups to log in to this Service Zone under constraints of the selected Policies Check Enabled of the respected Group to assign it them to the Service Zone listed For example the above figure shows clients in Group 1 8 can access Default Service Zone where they are governed by Policy 1 8 respectively Policy Select a Policy that the Group will be applied with when accessing this Service Zone Edit Group Option Click the hyperlink in the Edit Group Option column to enter Zone Permission Configuration amp Policy Assignment interface which is based on the role of Group to configure the relation between Group and Zone 79 IAC3000 User s Manual 4 2 4 Policy Configuration IAC3000 supports multiple Policies including one Global Policy and 12 individual Policy Each Policy consists of access control profiles that can be configured respectively and applied
217. ty could manipulate the data in your button code If you plan on only using encrypted buttons you can block payments from non encrypted ones Learn more about Encrypted Website Payments Note If you enable Encrypted Website Payments all of your Buy Now Donations and Subscriptions buttons must be encrypted via one of the following methods e Using the Button Factory with the security settings enabled e Using your own code you encrypt all website payments before sending them to PayPal By enabling this feature any Buy Now Donation or Subscription button that is not encrypted will be rejected by PayPal Block Non encrypted 7 On Website Payment amp Off PayPal Account Optional When this feature is turned on your customers will go through an optimized checkout experience This feature is available for Buy Now Donations and Shopping Cart buttons but not for Subscription buttons Learn More PayPal Account On Optional Off Contact Telephone Number When you activate this option your customers will be asked to include a Contact Telephone Number with their payment information Learn More Note Selecting On Required Field could have a negative effect on buyer conversion Contact Telephone On Optional Field Cc On Required Field Off PayPal recommends this option Save Cancel 155 IAC3000 User s Manual 1 2 Configure AC3000 with a PayPal Business Account Please log in IAC3000 User Authentication
218. uer plus the owner s public key and the signature made by the CA Network entities verify these signatures using CA certificates You can apply for a SSL certificate at CAs such as VeriSign If you already have an SSL Certificate please Click Browse to select the file and upload it Click Apply to complete the upload process 87 IAC3000 User s Manual Upload Private Key Upload Customer Certificate Lise Default Certificate Without a valid certificate users may encounter the following problem in IE7 when they try to open the login page gt Certificate Error Navigation Blocked Windows Internet Explorer EJ Gl http www google com File Edit View Favorites Tools Help Y abe Certificate Error Navigation Blocked y There is a problem with this website s security certificate The security certificate presented by this website was not issued by a trusted certificate authority The security certificate presented by this website was issued for a different website s address Security certificate problems may indicate an attempt to fool you or intercept any data you send to the server We recommend that you close this webpage and do not continue to this website Y Click here to close this webpage Continue to this website not recommended More information Click Continue to this website to access the user login page To Use Default Certificate Click Use Default Certificate to use the def
219. uration Net Wai contguration gt 119 com WAN2 Configuration Default OR None Policy1 Server1 Enable WAN Traffic Settings Laja EEE OOOO e ss None Policy 1 2 Enable None Policy1 Serer1 Disable 22302 22 302 org m O o o P o eQ 38 8152 SQL Step 6 Configure Basic Settings for SZ2 Check the Enable radio button of Service Zone Status to activate SZ2 Enter a name for SZ2 e g Employee in the Service Zone Name field 167 IAC3000 User s Manual Basic Settings Service Zone Status Enable Disable Service Zone Name Operation Mode NAT Router Network Settings IP Address 192 168 32 1 subnet Mask 255 255 255 0 Disable DHCP Server 2 Enable DHCP Server Start IP Address 192 169 32 2 End IP Address 192 168 32 100 Preferred DNS Server 192 168 32 1 DHCP Server Settings Alternate DNS Server Domain Name domain Step 7 Configure Authentication Settings for SZ2 Check the Enable radio button to enable Authentication Required for the Zone Check the Default button and Enabled box of Server 1 to set LOCAL authentication method as default Disable all other authentication options Then click Apply to activate the settings made so far A warning message You should restart the system to activate the changes will appear at the bottom of the page Do NOT restart the system until you have completed all the configuration steps Authentic
220. uring the Period Please log in Authorize Net gt gt Click Reports gt gt Check Statistics by Settlement Date radio button gt gt Select Transaction Type Start Date and End Date as the criteria gt gt Click Run Report 3 2 Transaction Statistics by Different Location a To deploy more than one IAC3000 the way to distinguish transactions from different locations is to make the invoice numbers different To change the invoice setting please log in IAC3000 User Authentication gt gt Authentication Configuration gt gt Click the server On demand User gt gt External Payment Gateway gt gt Click Configure gt gt External Payment Gateway gt gt Select Authorize NET gt gt Scroll down to Client s Purchasing Record section of the page gt gt Check the Change the Number box gt gt A location specific ID for example Hotspot A can be used as the first part of Invoice Number gt gt uncheck the Change the Number box and click Apply Client s Purchasing Record Description Hem Name Internet Access E mail Header Enjoy Online 147 IAC3000 User s Manual b Please log in Authorize Net gt gt Click Search and Download gt gt Specify the transaction period or ALL Settled Unsettled in Settlement Date section gt gt Go to Transaction section gt gt Enter the first part of invoice number plus an asterisk character for example Hotspot A in the
221. ust be larger than 4 20 Range 0 300000 including two digits after decimal point e g 1 994 Volume Total traffic volume xx Mbytes up to which on demand users are allowed to Price transfer data Editing Billing Plan Range 1 2000 4 Account Activation First time login must be done within davis hours Range of hours 0 23 they cannot both be zero 4 Valid Period After activation account will be expired in davis i Must be larger than 0 j 20 Range 0 100000 including tuo digits after decimal point e q 19975 Cut off Specify an absolute clock time of a day HH MM range 00 00 23 59 when Price the account expires Editing Billing Plan Plan 2 Type Cut o Cut off Time HH MM range 00 00 23 59 Grace Period Account remains usable for hour s after cut off Unit Price per day M Range 0 100000 including two digits after decimal point e g 1 99 fey Apply Y l Cancel Quota The limit on how On demand users are allowed to access the network Price The unit price of the plan Enable Click the check box to activate the plan Function Click the button Edit to add and edit a billing plan 4 External Payment Gateway This section is for merchants to set up an external payment gateway to accept payments in order to provide wireless access service to end customers who wish to pay for the service on line The four options are
222. uthorize Net To change the information on the receipt for customer please log in IAC3000 User Authentication gt gt Authentication Configuration gt gt Click the server On demand User gt gt External Payment Gateway gt gt Click Configure gt gt External Payment Gateway gt gt Select Authorize NET gt gt Scroll down to Client s Purchasing Record section of the page gt gt Type in information in the text boxes Description and E mail Header gt gt Confirm and click Apply Client s Purchasing Record Starting Invoice Number Hotspotvk oooooo04 Cl Change the Number Description item Name Internet Access Title for Message to Seller Special Note to Seller z 2 5 Send an Email Receipt for Each Transaction to the Merchant Owner A copy of email receipt with payment details for each successful transaction will also be automatically sent to the merchant owner administrator via Authorize Net To configure the contact person who will receive a receipt for each transaction please log in Authorize Net Click Settings and Profile gt gt Go to the General section gt gt Click Manage Contacts gt gt Click Add New Contact to gt gt Enter necessary contact information on this page gt gt Check the Transaction Receipt box gt gt Click Submit 3 Reporting During normal operation the following steps will be necessary to generate transaction reports 3 1 Transaction Statistics by Credit Card Type d
223. vice zone e Status Each AP s status will be shown in this column Click the hyperlink of the shown status of each managed AP to see detailed status information about the specific AP such as System Status Service Zone Status Wireless Status Access Control Status and Associated Client Status The status includes 1 Online The hyperlink of Online Enabled indicates that the AP is currently online and in service Online Disabled indicates that the AP is currently online but not ready in service 2 Offline The AP is currently offline for example it is displayed as Offline when the power of the AP is off or the network connection between the AP and the system is down 3 Configuring lt is displayed as Configuring when the newly discovered AP is being added to the list and being configured or new setting is being applied to the AP 4 Upgrading The AP is undergoing firmware upgrade 5 Lost Unknown After the system s rebooting and before it tries to probe the AP and determine the exact status the status will be displayed as Lost or Unknown temporarily Check any AP and then click the button below to Reboot Enable Disable and Delete the checked AP if desired 91 IAC3000 User s Manual AP List IP Address F AP Type AP Name Service Zone Status MAC Address 197 166 30 100 C NP725 Office AP Default Offline 00 60 64 27 10 10 Click Apply Template to select one template to apply to the AP tA Template Templat
224. y these clients whose MAC addresses are listed in this list can be allowed to connect to the AP on the other hand when the status is Denied the clients whose MAC addresses are listed in the list will be denied to connect to the AP When Disabled is selected all clients can connect to the AP The default is Disabled User Limit Limit the number of users connected to that AP Access Control User Limit Range from 1 to 32 MAC Address List O CECI O ECT CO owe A oee CO owe O oee IS CECI A EIA CO T CECI A CECI 95 IAC3000 User s Manual 4 3 2 AP Discovery Use this function to detect and manage all of the APs in the network segments Note that IAC3000 can only manage APs that are connected to its LAN ports Therefore the AP discovery function is for adding locally connected APs to its management list The administrator must know the local IP addresses of the APs he she wishes to discover AP Discovery AP Discovery AP Type NPY25 Interface Default Dd 6 Factory Default IP Address 192 168 251 Admin Settings Used Loans again to Discover Password admin Manual Background AP Discovery Status Disabled Discovered AP List IP Address AP Name Template AP Type Service Zone MAC Address Password Channel e To discover AP manually please fill in the required data gt gt gt gt AP Type Choose the type of AP you wish to discover Interface Set to default Admin S
Download Pdf Manuals
Related Search